PkgRadar

npm · registry.npmjs.org

@hasna/deployment

Install Lifecycle Suppresses Failure: postinstall="mkdir -p $HOME/.hasna/deployment 2>/dev/null || true"

Why PkgRadar flagged 0.0.10

SeveritySignalEvidence
highInstall Lifecycle Suppresses Failurepostinstall="mkdir -p $HOME/.hasna/deployment 2>/dev/null || true" · package.json
mediumCredential file accessmatched "AWS_ACCESS_KEY" · package/dist/server/index.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.10High risk502026-06-10
0.0.9High risk502026-06-10
0.0.11High risk452026-06-10
0.0.8High risk452026-06-10
0.0.7High risk452026-06-10

Block this in CI

PkgRadar gates @hasna/deployment (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @hasna/[email protected]
Start free — 25 scans / moView full evidence