PkgRadar

npm · registry.npmjs.org

@mk-co/neox-cli

Install-time lifecycle script: postinstall="node install.cjs"

Why PkgRadar flagged 2.1.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 2.1.1 vs 0.0.0-reserved: "node install.cjs" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.1High risk452026-06-10
2.4.7Review52026-06-07
2.4.7-test2Review52026-06-07
2.4.7-testReview52026-06-07
2.4.6Review52026-06-07
2.4.1Review52026-06-06
2.4.0Review52026-06-06
2.3.1Review52026-06-06
2.3.0Review52026-06-05
2.2.23Review52026-06-05
2.2.16Review52026-06-04
2.2.15Review52026-06-04
2.2.13Review52026-06-04
2.2.12Review52026-06-04
2.2.10Review52026-06-04
2.2.8Review52026-06-03
2.2.9Review52026-06-03
2.2.7Review52026-06-03
2.2.6Review52026-06-03
2.2.5Review52026-06-03
2.2.4Review52026-06-03
2.2.3Review52026-06-03
2.2.2Review52026-06-03
2.2.1Review52026-06-03
2.2.0Review52026-06-03
0.0.0-reservedLow risk02026-05-27

Block this in CI

PkgRadar gates @mk-co/neox-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @mk-co/[email protected]
Start free — 25 scans / moView full evidence