npm · registry.npmjs.org
@figma/nodegit
Native Addon Gyp Action: binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle)
Why PkgRadar flagged 0.28.0-figma.4
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | install added in 0.28.0-figma.4 vs 0.28.0-figma.3: "node lifecycleScripts/preinstall && node lifecycleScripts/install" · package.json |
| high | New Lifecycle Script Vs Previous | postinstall added in 0.28.0-figma.4 vs 0.28.0-figma.3: "node lifecycleScripts/postinstall" · package.json |
| high | Native Addon Gyp Action | binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) · package/binding.gyp |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.28.0-figma.4 | High risk | 125 | 2026-06-10 |
0.28.0-figma.6 | Review | 7 | 2026-06-08 |
0.28.0-figma.8 | Review | 10 | 2026-06-02 |
0.28.0-figma.9 | Review | 10 | 2026-06-02 |
Campaign attribution
Related campaigns
Block this in CI
pkgradar gate --ecosystem npm @figma/[email protected]