PkgRadar

npm · registry.npmjs.org

@rightcapital/php-parser

Install Lifecycle Suppresses Failure: postinstall="command -v composer >/dev/null 2>&1 && composer install || echo 'Composer not found, skipping.'"

Why PkgRadar flagged 1.5.4

SeveritySignalEvidence
highInstall Lifecycle Suppresses Failurepostinstall="command -v composer >/dev/null 2>&1 && composer install || echo 'Composer not found, skipping.'" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.5.4Review92026-06-11
1.5.5-renovate-lock-file-maintenance.2427.1.0Review92026-06-11
1.5.5-chore-renovate-update-reviewer-frantic1048.2416.1.0Review92026-06-04
1.5.5-renovate-lock-file-maintenance.2414.1.0Review92026-06-01
1.5.5-renovate-lock-file-maintenance.2394.1.0Review92026-05-28
1.5.5-renovate-lock-file-maintenance.2409.1.0Review92026-05-28

Block this in CI

PkgRadar gates @rightcapital/php-parser (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @rightcapital/[email protected]
Start free — 25 scans / moView full evidence