npm · registry.npmjs.org

@plone/mockup

Install Lifecycle Suppresses Failure: postinstall="patch --forward node_modules/select2/select2.js < patches/select2.patch || true"

Why PkgRadar flagged 5.6.6

Severity	Signal	Evidence
high	Install Lifecycle Suppresses Failure	postinstall="patch --forward node_modules/select2/select2.js < patches/select2.patch \|\| true" · package.json
medium	Remote Dependency Spec	dependencies.select2="github:ivaynberg/select2#95a977f674b6938af55ec5f28b7772df93786c5c" · package.json
medium	Remote Dependency Spec	dependencies.slick-carousel="git+https://github.com/kenwheeler/slick.git#d0716f19aa730006ee80ab026625fb1107816a97" · package.json
medium	Remote Dependency Spec	dependencies.slides="git+https://github.com/Patternslib/slides.git" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.6.6`	High risk	30	2026-06-08
`5.4.8`	High risk	18	2026-06-08
`5.6.4`	High risk	18	2026-06-08
`5.4.9`	High risk	18	2026-06-08
`5.6.5`	High risk	85	2026-06-08

Block this in CI

PkgRadar gates @plone/mockup (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @plone/[email protected]