npm · registry.npmjs.org
@forge/cli
Install Lifecycle Remote Or Exec: postinstall="node -e \"fs.existsSync('./out/bin/postinstall.js') && require('./out/bin/postinstall.js')\""
Why PkgRadar flagged 12.21.0-experimental-4a332af
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"fs.existsSync('./out/bin/postinstall.js') && require('./out/bin/postinstall.js')\"" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
12.21.0-experimental-4a332af | Review | 10 | 2026-06-01 |
12.21.0 | Review | 10 | 2026-05-30 |
12.21.0-next.8-experimental-2e302e1 | Review | 10 | 2026-05-30 |
12.21.0-next.13 | Review | 10 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm @forge/[email protected]