PkgRadar

npm · registry.npmjs.org

@kno2/ccdaview

Install-time lifecycle script: preinstall="npm whoami || npm login"

Why PkgRadar flagged 2.0.3

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspreinstall added in 2.0.3 vs 2.0.2: "npm whoami || npm login" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.1Low risk02026-06-17
2.0.2Low risk02026-06-17
2.0.3High risk452026-06-17
2.0.4High risk502026-06-17

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @kno2/ccdaview (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kno2/[email protected]
Start free — 25 scans / moView full evidence