PkgRadar

npm · registry.npmjs.org

@qoder-ai/qodercli

Install Lifecycle Remote Or Exec: postinstall="node -e \"try{require('child_process').execSync('rg --version',{stdio:'ignore'})}catch{console.log('\\n ripgrep (rg) not found. Install for best search: https://github.com/BurntSushi/ripgrep#installation\\n')}\""

Why PkgRadar flagged 0.2.2-beta.10

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | New Lifecycle Script Vs Previous | postinstall added in 0.2.2-beta.10 vs 0.2.2-beta.9: "node -e \"try{require('child_process').execSync('rg --version',{stdio:'ignore'})}catch{console.log('\\n ripgrep (rg) not found. Install for best search: https://github.com/BurntSushi/ripgrep#installation\\n')}\"" · package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"try{require('child_process').execSync('rg --version',{stdio:'ignore'})}catch{console.log('\\n ripgrep (rg) not found. Install for best search: https://github.com/BurntSushi/ripgrep#installation\\n')}\"" · package.json |

Scanned versions

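| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.2.2-beta.2 | Review | 3 | 2026-06-15 |
| 0.2.2-beta.10 | High risk | 75 | 2026-06-15 |
| 1.0.21 | Review | 3 | 2026-06-15 |
| 1.0.20 | Review | 3 | 2026-06-13 |
| 1.0.19 | Review | 3 | 2026-06-12 |
| 1.0.18 | Review | 2 | 2026-06-11 |
| 0.2.2-beta.4 | Low risk | 0 | 2026-06-10 |
| 1.0.17 | Review | 2 | 2026-06-10 |
| 1.0.16 | Review | 2 | 2026-06-09 |
| 1.0.15-beta2 | Review | 2 | 2026-06-09 |
| 1.0.15-beta1 | Review | 2 | 2026-06-09 |
| 1.0.15 | Review | 2 | 2026-06-09 |
| 1.0.14 | Review | 2 | 2026-06-04 |
| 1.0.14-beta1 | Review | 2 | 2026-06-04 |
| 1.0.13 | Review | 2 | 2026-06-03 |
| 1.0.12 | Review | 3 | 2026-06-02 |
| 1.0.12-beta3 | Review | 3 | 2026-06-02 |
| 1.0.12-beta4 | Review | 3 | 2026-06-02 |
| 1.0.12-beta1 | Review | 3 | 2026-06-02 |
| 1.0.12-beta2 | Review | 3 | 2026-06-02 |
| 1.0.10 | Review | 3 | 2026-06-01 |
| 1.0.11 | Review | 3 | 2026-06-01 |
| 1.0.9 | Review | 3 | 2026-05-29 |
| 1.0.8 | Review | 7 | 2026-05-28 |
| 1.0.7 | Review | 7 | 2026-05-27 |
| 1.0.6 | Review | 7 | 2026-05-26 |
| 1.0.4 | Review | 7 | 2026-05-25 |
| 1.0.5 | Review | 7 | 2026-05-25 |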

Campaign attribution

Part of the asteroiddao npm campaign.

Block this in CI

PkgRadar gates @qoder-ai/qodercli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @qoder-ai/[email protected]