npm · registry.npmjs.org

@kidsinai/kids-opencode

Install Lifecycle Suppresses Failure: postinstall="sh ./scripts/postinstall.sh || true"

Why PkgRadar flagged 0.0.15

Severity	Signal	Evidence
high	Install Lifecycle Suppresses Failure	postinstall="sh ./scripts/postinstall.sh \|\| true" · package.json
medium	Manifest Codeless Dependency Stub	package ships no JS/TS source but declares 3 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.15`	High risk	28	2026-06-10
`0.0.25`	High risk	28	2026-06-10
`0.0.26`	High risk	28	2026-06-10
`0.0.24`	High risk	28	2026-06-10
`0.0.23`	High risk	28	2026-06-10
`0.0.21`	High risk	28	2026-06-10
`0.0.22`	High risk	40	2026-06-10
`0.0.20`	High risk	28	2026-06-10
`0.0.19`	High risk	28	2026-06-10
`0.0.18`	High risk	28	2026-06-10
`0.0.17`	High risk	40	2026-06-10
`0.0.16`	High risk	28	2026-06-10
`0.0.14`	High risk	28	2026-06-10
`0.0.13`	High risk	28	2026-06-10

Block this in CI

PkgRadar gates @kidsinai/kids-opencode (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kidsinai/[email protected]