npm · registry.npmjs.org
@smg-automotive/components
Install-time lifecycle script: postinstall="npm run typegen"
Why PkgRadar flagged 25.29.0-chakra-v3.1
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 25.29.0-chakra-v3.1 vs 25.28.1-ui-dependencies.1: "npm run typegen" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
25.29.0-chakra-v3.1 | High risk | 45 | 2026-06-13 |
25.29.1-ui-dependencies.1 | Low risk | 0 | 2026-06-11 |
25.28.0-box-as-fix.1 | High risk | 45 | 2026-06-10 |
25.30.0-chakra-v3.1 | High risk | 45 | 2026-06-10 |
25.29.0 | Low risk | 0 | 2026-06-08 |
25.29.0-talamcol-message-sparkle.1 | Low risk | 0 | 2026-06-08 |
25.28.1-ui-dependencies.1 | Low risk | 0 | 2026-05-28 |
25.28.0-chakra-v3.4 | Review | 2 | 2026-05-28 |
25.28.0-box-as-fix.2 | Review | 2 | 2026-05-28 |
25.28.0 | Low risk | 0 | 2026-05-28 |
25.28.0-chakra-v3.2 | Review | 2 | 2026-05-26 |
25.27.0-ST-1872-optimizer-navigation-link.8 | Low risk | 0 | 2026-05-25 |
25.27.0-ST-1872-optimizer-navigation-link.9 | Low risk | 0 | 2026-05-25 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm @smg-automotive/[email protected]