PkgRadar

npm ยท registry.npmjs.org

@vectrion/guard

Install Lifecycle Remote Or Exec: postinstall="node -e \"console.log('\\x1b[32m%s\\x1b[0m', ' ๐Ÿš€ Thanks for installing Vectrion! For guides and API docs, visit: https://vectrion.vercel.app/\\\\n Happy coding! ๐Ÿ’ปโœจ')\""

Why PkgRadar flagged 0.1.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 0.1.1 vs 0.1.0: "node -e \"console.log('\\x1b[32m%s\\x1b[0m', ' ๐Ÿš€ Thanks for installing Vectrion! For guides and API docs, visit: https://vectrion.vercel.app/\\\\n Happy coding! ๐Ÿ’ปโœจ')\"" ยท package.json
highInstall Lifecycle Remote Or Execpostinstall="node -e \"console.log('\\x1b[32m%s\\x1b[0m', ' ๐Ÿš€ Thanks for installing Vectrion! For guides and API docs, visit: https://vectrion.vercel.app/\\\\n Happy coding! ๐Ÿ’ปโœจ')\"" ยท package.json
highNew Account With Lifecycle Hookpackage first published 14 day(s) ago, 2 total version(s), has lifecycle hook ยท package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.1High risk752026-06-10
0.1.0Low risk02026-05-28

Related campaigns

Block this in CI

PkgRadar gates @vectrion/guard (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vectrion/[email protected]
Start free โ€” 25 scans / moView full evidence