Loading the latest scan…
npm · registry.npmjs.org
Install Lifecycle Repeated Payload, New Account With Lifecycle Hook, Remote Payload +1 more
Early detection
PkgRadar flagged this 1h before public disclosure
Detected 2026-05-24 · disclosed as MAL-2026-4289 on 2026-05-24
Why PkgRadar flagged 100.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Repeated Payload | — |
| high | New Account With Lifecycle Hook | — |
| medium | Remote Payload | — |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
100.0.0 | High risk | 47 | 2026-06-23 |
99.0.0 | High risk | 0 | 2026-05-24 |
Related campaigns
Block this in CI
pkgradar gate --ecosystem npm @stockrepublic/[email protected]