PkgRadar

npm · registry.npmjs.org

@lumifai/node-jq-native

Install Lifecycle Suppresses Failure: preinstall="chmod +x scripts/*.sh scripts/*.js || true"

Why PkgRadar flagged 1.0.0

Severity  Signal                                Evidence
high      Install Lifecycle Suppresses Failure  preinstall="chmod +x scripts/*.sh scripts/*.js || true" · package.json
medium    Remote Payload                        matched "github.com/kkos/oniguruma/releases/download" · package/deps/jq/compile-ios.sh

Scanned versions

Version  Verdict    Score  Scanned (UTC)
1.0.0    High risk  42     2026-06-09
1.1.0    Review     1      2026-06-09
1.2.1    Review     1      2026-06-09
1.2.2    Review     1      2026-06-09

Block this in CI

PkgRadar gates @lumifai/node-jq-native (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @lumifai/[email protected]