npm · registry.npmjs.org
@stockrepublic/republic-components
Install Lifecycle Repeated Payload: preinstall,install="node index.js"
Why PkgRadar flagged 100.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Repeated Payload | preinstall,install="node index.js" · package.json |
| medium | Remote Payload | matched "curl " · package/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
100.0.0 | High risk | 47 | 2026-06-03 |
99.0.0 | High risk | 94 | 2026-05-24 |
Related campaigns
- install_lifecycle_remote_or_exec:preinstall="node index.js" — 14 releases, max score 117
- stockrepublic — 2 releases, max score 157
- install_lifecycle_script:preinstall="node index.js" — 2 releases, max score 157
- install_lifecycle_script:install="node index.js" — 2 releases, max score 157
- install_lifecycle_remote_or_exec:install="node index.js" — 2 releases, max score 157
Block this in CI
pkgradar gate --ecosystem npm @stockrepublic/[email protected]