npm · registry.npmjs.org
@udx/dev-kit
Install Lifecycle Remote Or Exec: postinstall="if [ \"$npm_config_global\" = \"true\" ]; then bash bin/scripts/npm-postinstall.sh || true; fi"
Why PkgRadar flagged 0.13.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="if [ \"$npm_config_global\" = \"true\" ]; then bash bin/scripts/npm-postinstall.sh || true; fi" · package.json |
| high | Install Lifecycle Suppresses Failure | postinstall="if [ \"$npm_config_global\" = \"true\" ]; then bash bin/scripts/npm-postinstall.sh || true; fi" · package.json |
| medium | Remote Payload | matched "curl " · package/bin/scripts/install.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.13.0 | Review | 20 | 2026-05-27 |
0.11.0 | Review | 20 | 2026-05-27 |
0.12.0 | Review | 20 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm @udx/[email protected]