npm · registry.npmjs.org

@mseep/purmemo-mcp

Install Lifecycle Remote Or Exec, New Account With Lifecycle Hook, Credential file access +1 more

Why PkgRadar flagged 15.7.23

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	package.json
high	New Account With Lifecycle Hook	package.json
medium	Credential file access	package/dist/auth/universal-auth.js

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`15.7.23`	High risk	45	2026-06-22

Campaign attribution

Part of the Clob dropper campaign.

Block this in CI

PkgRadar gates @mseep/purmemo-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @mseep/[email protected]