PkgRadar

npm · registry.npmjs.org

@shyakatv/backend

Install Lifecycle Remote Or Exec: postinstall="node -e \"if (!require('fs').existsSync('.env')) require('fs').copyFileSync('.env.example', '.env')\""

Why PkgRadar flagged 1.0.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 1.0.1 vs 1.0.0: "node -e \"if (!require('fs').existsSync('.env')) require('fs').copyFileSync('.env.example', '.env')\"" · package.json
highInstall Lifecycle Remote Or Execpostinstall="node -e \"if (!require('fs').existsSync('.env')) require('fs').copyFileSync('.env.example', '.env')\"" · package.json
highNew Account With Lifecycle Hookpackage first published 15 day(s) ago, 2 total version(s), has lifecycle hook · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.1High risk752026-06-10
1.0.0Low risk02026-05-26

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Related campaigns

Block this in CI

PkgRadar gates @shyakatv/backend (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @shyakatv/[email protected]
Start free — 25 scans / moView full evidence