npm · registry.npmjs.org
@heymp/scratchpad
Install-time lifecycle script: preinstall="echo 'Do not run yarn install directly. Use: yarn setup' && exit 1"
Why PkgRadar flagged 1.0.0-next.22
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | preinstall added in 1.0.0-next.22 vs 1.0.0-next.20: "echo 'Do not run yarn install directly. Use: yarn setup' && exit 1" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.0-next.10 | Low risk | 0 | 2026-06-10 |
1.0.0-next.18 | Low risk | 0 | 2026-06-10 |
1.0.0-next.19 | Low risk | 0 | 2026-06-10 |
1.0.0-next.20 | Low risk | 0 | 2026-06-10 |
1.0.0-next.22 | High risk | 45 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm @heymp/[email protected]