npm · registry.npmjs.org

@shipshitdev/shipcode

Install Lifecycle Remote Or Exec: postinstall="node -e \"try{require('node-pty')}catch(e){console.warn('[shipcode] node-pty not loadable; terminal features disabled')}\""

Why PkgRadar flagged 0.1.1

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"try{require('node-pty')}catch(e){console.warn('[shipcode] node-pty not loadable; terminal features disabled')}\"" · package.json
high	New Account With Lifecycle Hook	package first published 23 day(s) ago, 2 total version(s), has lifecycle hook · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.1`	High risk	40	2026-06-16
`0.1.2`	Review	12	2026-06-16

Campaign attribution

Part of the Clob dropper campaign.

Block this in CI

PkgRadar gates @shipshitdev/shipcode (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @shipshitdev/[email protected]

Start free — 25 scans / mo View full evidence