PkgRadar

npm · registry.npmjs.org

@team-agent/installer

Credential file access: matched ".npmrc"

Why PkgRadar flagged 0.2.6

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 0.2.6 vs 0.2.5: "node npm/bincheck.mjs" · package.json
mediumCredential file accessmatched ".npmrc" · package/npm/bincheck.mjs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.3.21Review42026-06-13
0.3.20Review42026-06-12
0.3.19Review42026-06-12
0.3.18Review42026-06-12
0.3.17Review42026-06-12
0.3.16Review42026-06-12
0.3.15Review42026-06-12
0.3.14Review42026-06-12
0.3.13Review42026-06-11
0.3.12Review42026-06-11
0.3.11Review42026-06-11
0.3.10Review42026-06-11
0.3.9Review42026-06-11
0.3.8Review42026-06-11
0.3.7Review42026-06-11
0.3.6Review42026-06-10
0.3.5Review42026-06-10
0.2.6High risk552026-06-10
0.3.4Review42026-06-09
0.3.3Review42026-06-09
0.3.2Review42026-06-07
0.3.1Review42026-06-06
0.3.0Review42026-06-06
0.2.11Review42026-06-02
0.2.10Review42026-05-31
0.2.9Review42026-05-31
0.2.8Review42026-05-30
0.2.7Review42026-05-29
0.2.4Low risk02026-05-28
0.2.5Low risk02026-05-28
0.2.3Low risk02026-05-26
0.2.2Low risk02026-05-26
0.2.1Low risk02026-05-25
0.2.0Low risk02026-05-25
0.1.11Low risk02026-05-25

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @team-agent/installer (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @team-agent/[email protected]
Start free — 25 scans / moView full evidence