PkgRadar

npm · registry.npmjs.org

@fentech/gitcontext

Install-time lifecycle script: postinstall="node scripts/postinstall.mjs"

Why PkgRadar flagged 0.9.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 0.9.1 vs 0.9.0: "node scripts/postinstall.mjs" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.22.0Review32026-06-13
0.21.1Review32026-06-12
0.21.0Review32026-06-12
0.20.0Review32026-06-12
0.19.0Review32026-06-11
0.18.0Review32026-06-11
0.17.0Review32026-06-11
0.16.0Review32026-06-11
0.15.4Review32026-06-10
0.15.3Review32026-06-10
0.15.2Review32026-06-10
0.15.1Review32026-06-10
0.15.0Review32026-06-10
0.9.1High risk452026-06-10
0.14.0Review32026-06-10
0.13.0Review52026-06-09
0.12.1Review32026-06-06
0.12.0Review52026-06-03
0.11.0Review52026-06-02
0.10.0Review52026-06-02
0.9.0Low risk02026-06-02
0.5.0Low risk02026-05-31
0.3.3Low risk02026-05-31

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @fentech/gitcontext (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @fentech/[email protected]
Start free — 25 scans / moView full evidence