PkgRadar

npm · registry.npmjs.org

@schoolai/shipyard

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 3.11.1-rc.20260612.0

SeveritySignalEvidence
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/chunk-JKKKUMTY.js
highInstall Lifecycle Remote Or Execpostinstall="node -e \"const fs=require('fs'),path=require('path');const d=path.join(__dirname,'node_modules','node-pty','prebuilds');if(fs.existsSync(d))for(const a of fs.readdirSync(d)){const h=path.join(d,a,'spawn-helper');try{fs.chmodSync(h,0o755)}catch{}}\"" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
3.11.1-rc.20260612.0Review252026-06-12
3.11.1-nightly.20260612.0Review252026-06-12
3.11.1-rc.20260611.0Review252026-06-11
3.11.1Review252026-06-10
3.11.1-rc.20260610.0Review252026-06-10
3.11.0-nightly.20260610.0Review252026-06-10
3.11.0-rc.20260610.0Review252026-06-10
3.11.0Review252026-06-10
3.11.0-rc.20260609.0Review252026-06-09
3.10.0Review252026-06-09
3.10.0-rc.20260609.1Review252026-06-09
3.10.0-rc.20260609.0Review252026-06-09
3.9.1-nightly.20260608.0Review252026-06-08
3.9.1-nightly.20260607.0Review252026-06-07
3.9.1Review252026-06-06
3.9.1-rc.20260606.1Review252026-06-06
3.9.1-rc.20260606.0Review252026-06-06
3.9.0-rc.20260606.0Review252026-06-06
3.8.0Review252026-06-06
3.8.0-rc.20260605.2Review252026-06-05
3.8.0-rc.20260605.1Review252026-06-05
3.8.0-nightly.20260605.0Review252026-06-05
3.8.0-rc.20260605.0Review252026-06-05
3.8.0-nightly.20260604.0Review252026-06-04
3.8.0-rc.20260604.1Review252026-06-04
3.8.0-rc.20260604.0Review252026-06-04
3.8.0-rc.20260603.3Review252026-06-03
3.8.0-rc.20260603.2Review252026-06-03
3.8.0-nightly.20260603.0Review252026-06-03
3.8.0-rc.20260603.1Review252026-06-03
3.8.0-rc.20260603.0Review252026-06-03
3.8.0-rc.20260602.2Review252026-06-02
3.8.0-rc.20260602.1Review252026-06-02
3.8.0-rc.20260602.0Review252026-06-02
3.8.0-rc.20260601.7Review252026-06-01
3.8.0-rc.20260601.8Review252026-06-01
3.8.0-rc.20260601.6Review252026-06-01
3.8.0-rc.20260601.5Review252026-06-01
3.8.0-rc.20260601.4Review252026-06-01
3.8.0-nightly.20260601.0Review252026-06-01
3.8.0-rc.20260601.3Review252026-06-01
3.8.0-rc.20260601.2Review252026-06-01
3.8.0-rc.20260601.1Review252026-06-01
3.8.0-rc.20260601.0Review252026-06-01
3.8.0-rc.20260531.1Review252026-05-31
3.8.0-rc.20260531.0Review252026-05-31
3.8.0-nightly.20260531.0Review252026-05-31
3.8.0-rc.20260530.2Review252026-05-30
3.8.0-rc.20260530.1Review252026-05-30
3.8.0-rc.20260530.0Review252026-05-30
3.8.0-rc.20260529.2Review252026-05-29
3.8.0-rc.20260529.1Review252026-05-29
3.8.0-rc.20260529.0Review162026-05-29
3.7.0-rc.20260529.0Review162026-05-29
3.7.0-rc.20260528.3Review162026-05-29
3.7.0-rc.20260528.2Review162026-05-28
3.7.0-nightly.20260528.0Review292026-05-28
3.7.0-rc.20260528.0Review292026-05-28
3.7.0-rc.20260528.1Review292026-05-28
3.7.0-rc.20260527.0Review162026-05-27
3.7.0-nightly.20260527.0Review162026-05-27
3.7.0-rc.20260526.5Review162026-05-27
3.7.0-rc.20260526.3Review162026-05-26
3.7.0-rc.20260526.4Review162026-05-26
3.7.0-nightly.20260526.0Review162026-05-26
3.7.0-rc.20260526.2Review162026-05-26
3.7.0-rc.20260526.1Review162026-05-26
3.7.0-rc.20260526.0Review162026-05-26
3.7.0-rc.20260525.1Review162026-05-25
3.7.0-nightly.20260525.0Review592026-05-25
3.7.0-rc.20260525.0Review972026-05-25
3.7.0-rc.20260523.3Review972026-05-24
3.7.0-nightly.20260524.0Review972026-05-24

Block this in CI

PkgRadar gates @schoolai/shipyard (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @schoolai/[email protected]
Start free — 25 scans / moView full evidence