npm · registry.npmjs.org

@shelf/dynamodb-query-optimized

Install-time lifecycle script: preinstall="npx only-allow pnpm"

Why PkgRadar flagged 5.0.0

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	preinstall added in 5.0.0 vs 4.1.1: "npx only-allow pnpm" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.0.0`	High risk	45	2026-06-13
`4.0.2`	Review	10	2026-06-12
`4.1.0`	Review	10	2026-06-12
`4.1.1`	Low risk	0	2026-05-29

Campaign attribution

Block this in CI

PkgRadar gates @shelf/dynamodb-query-optimized (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @shelf/[email protected]