npm · registry.npmjs.org
@torchlab/fhir
New Account With Lifecycle Hook: package first published 11 day(s) ago, 4 total version(s), has lifecycle hook
Why PkgRadar flagged 1.0.1
| Severity | Signal | Evidence |
|---|---|---|
| high | New Account With Lifecycle Hook | package first published 11 day(s) ago, 4 total version(s), has lifecycle hook · package.json |
| medium | Remote Payload | matched "curl " · package/env-check/torch-env-check.sh |
| medium | Remote Payload | matched "curl " · package/ig-scaffold/torch-ig-scaffold.sh |
| medium | Remote Payload | matched "curl " · package/profile-setup/torch-profile-setup.sh |
| medium | Remote Payload | matched "curl " · package/validator/torch-validate.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.1 | High risk | 53 | 2026-06-10 |
1.0.0 | Review | 5 | 2026-06-01 |
0.1.0 | Review | 53 | 2026-05-30 |
0.1.1 | Review | 53 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm @torchlab/[email protected]