npm · registry.npmjs.org

@vellumai/web

Credential file access: matched ".ssh/"

Why PkgRadar flagged 0.8.6

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.8.6 vs 0.0.1: "bun run scripts/postinstall.ts" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.12-dev.202606131340.9c0531a`	Review	2	2026-06-13
`0.8.12-dev.202606131247.4d64b75`	Review	2	2026-06-13
`0.8.12-dev.202606131055.4d64b75`	Review	2	2026-06-13
`0.8.12-dev.202606131142.4d64b75`	Review	2	2026-06-13
`0.8.12-dev.202606130730.4d64b75`	Review	5	2026-06-13
`0.8.12-dev.202606130914.4d64b75`	Review	5	2026-06-13
`0.8.12-dev.202606130540.3758c47`	Review	2	2026-06-13
`0.8.12-dev.202606130318.6b9805d`	Review	2	2026-06-13
`0.8.12-dev.202606130114.203bb30`	Review	2	2026-06-13
`0.8.12`	Review	2	2026-06-12
`0.8.12-dev.202606122337.5897832`	Review	2	2026-06-12
`0.8.12-dev.202606122239.169d5e4`	Review	5	2026-06-12
`0.8.12-staging.2`	Review	5	2026-06-12
`0.8.11-dev.202606122104.e5b9dd5`	Review	5	2026-06-12
`0.8.11-dev.202606122052.009469e`	Review	5	2026-06-12
`0.8.11-dev.202606122025.f06346f`	Review	2	2026-06-12
`0.8.11-dev.202606121945.5dce801`	Review	5	2026-06-12
`0.8.11-dev.202606121851.26d5122`	Review	2	2026-06-12
`0.8.11-dev.202606121625.5541181`	Review	5	2026-06-12
`0.8.11-dev.202606121512.871577`	Review	2	2026-06-12
`0.8.11-dev.202606121500.871577`	Review	2	2026-06-12
`0.8.12-staging.1`	Review	2	2026-06-12
`0.8.11-dev.202606121323.6ac9407`	Review	2	2026-06-12
`0.8.11-dev.202606121124.ef8e25a`	Review	5	2026-06-12
`0.8.11-dev.202606120935.ef8e25a`	Review	5	2026-06-12
`0.8.11-dev.202606120751.ef8e25a`	Review	5	2026-06-12
`0.8.11-dev.202606120544.842c4c6`	Review	5	2026-06-12
`0.8.11-dev.202606120321.552e02e`	Review	5	2026-06-12
`0.8.11-dev.202606120116.b9ee95b`	Review	5	2026-06-12
`0.8.11-dev.202606120012.5656fc7`	Review	5	2026-06-12
`0.8.11-dev.202606112338.1c15e19`	Review	5	2026-06-11
`0.8.11-dev.202606112241.9ae2fdc`	Review	5	2026-06-11
`0.8.11-dev.202606112147.04177ac`	Review	5	2026-06-11
`0.8.11-dev.202606112057.e4bc22e`	Review	5	2026-06-11
`0.8.11`	Review	5	2026-06-11
`0.8.10-dev.202606111910.ead7030`	Review	5	2026-06-11
`0.8.10-dev.202606111724.d4e5462`	Review	5	2026-06-11
`0.8.11-staging.1`	Review	5	2026-06-11
`0.8.10-dev.202606111519.39ad418`	Review	5	2026-06-11
`0.8.10-dev.202606111334.d8a7740`	Review	5	2026-06-11
`0.8.10-dev.202606111255.73ec993`	Review	5	2026-06-11
`0.8.10-dev.202606111245.be4218b`	Review	5	2026-06-11
`0.8.10-dev.202606111140.6a5e88c`	Review	5	2026-06-11
`0.8.10-dev.202606110941.6cb149d`	Review	5	2026-06-11
`0.8.10-dev.202606110755.6cb149d`	Review	5	2026-06-11
`0.8.10-dev.202606110544.2aed335`	Review	5	2026-06-11
`0.8.10-dev.202606110422.8c0e9aa`	Review	5	2026-06-11
`0.8.10-dev.202606110317.792ac3c`	Review	5	2026-06-11
`0.8.10-dev.202606110240.ef9212e`	Review	5	2026-06-11
`0.8.10-dev.202606110112.319a8d3`	Review	5	2026-06-11
`0.8.10-dev.202606110059.319a8d3`	Review	5	2026-06-11
`0.8.10-dev.202606102342.319a8d3`	Review	5	2026-06-10
`0.8.10-dev.202606102253.fbea648`	Review	5	2026-06-10
`0.8.10-dev.202606102242.5285563`	Review	5	2026-06-10
`0.8.10-dev.202606102225.a3947de`	Review	5	2026-06-10
`0.8.10-dev.202606102147.02afd31`	Review	5	2026-06-10
`0.8.10-dev.202606102100.3beeffc`	Review	5	2026-06-10
`0.8.10-dev.202606101903.31e26e6`	Review	5	2026-06-10
`0.8.10-dev.202606101714.d4b22de`	Review	5	2026-06-10
`0.8.10-dev.202606101514.1c52ced`	Review	5	2026-06-10
`0.8.10-dev.202606101436.d73da44`	Review	5	2026-06-10
`0.8.10-dev.202606101324.2fc90b3`	Review	5	2026-06-10
`0.8.10-dev.202606101122.0de2aff`	Review	5	2026-06-10
`0.8.10-dev.202606100742.99a7fab`	Review	5	2026-06-10
`0.8.10-dev.202606100925.28c1cfb`	Review	5	2026-06-10
`0.8.10-dev.202606100540.99a7fab`	Review	5	2026-06-10
`0.8.6`	High risk	50	2026-06-10
`0.8.10-dev.202606100317.c8b43c8`	Review	5	2026-06-10
`0.8.10-dev.202606100110.1d2c8c4`	Review	5	2026-06-10
`0.8.10-dev.202606092334.09948c8`	Review	5	2026-06-09
`0.8.10-dev.202606092238.d04fd59`	Review	5	2026-06-09
`0.8.9-dev.202606092139.1f3b646`	Review	5	2026-06-09
`0.8.10`	Review	5	2026-06-09
`0.8.9-dev.202606092047.e63da55`	Review	5	2026-06-09
`0.8.10-staging.1`	Review	5	2026-06-09
`0.8.9-dev.202606091946.122706e`	Review	5	2026-06-09
`0.8.9-dev.202606091926.ebb2d62`	Review	5	2026-06-09
`0.8.9`	Review	5	2026-06-09
`0.8.9-dev.202606091853.fbaa2ae`	Review	5	2026-06-09
`0.8.8-dev.202606091702.2771079`	Review	5	2026-06-09
`0.8.9-staging.5`	Review	5	2026-06-09
`0.8.8-dev.202606091516.3c27beb`	Review	5	2026-06-09
`0.8.8-dev.202606091311.113d87f`	Review	5	2026-06-09
`0.8.9-staging.4`	Review	5	2026-06-09
`0.8.8-dev.202606090339.ad6ec5a`	Review	5	2026-06-09
`0.8.8-dev.202606090318.74794fe`	Review	5	2026-06-09
`0.8.8-dev.202606090227.d9f1d29`	Review	5	2026-06-09
`0.8.8-dev.202606090218.6bcb462`	Review	5	2026-06-09
`0.8.8-dev.202606090104.b75d235`	Review	5	2026-06-09
`0.8.8-dev.202606082331.c911d0c`	Review	5	2026-06-08
`0.8.8-dev.202606082236.8dbacc9`	Review	5	2026-06-08
`0.8.9-staging.3`	Review	5	2026-06-08
`0.8.8-dev.202606082140.a5125fe`	Review	5	2026-06-08
`0.8.8-dev.202606082058.447e3b6`	Review	5	2026-06-08
`0.8.8-dev.202606081950.5bd40e7`	Review	5	2026-06-08
`0.8.8-dev.202606081859.f7bdc00`	Review	5	2026-06-08
`0.8.8-dev.202606081714.5590368`	Review	5	2026-06-08
`0.8.9-staging.2`	Review	5	2026-06-08
`0.8.8-dev.202606081515.c77a9b6`	Review	5	2026-06-08
`0.8.8-dev.202606081339.938c6ec`	Review	5	2026-06-08
`0.8.9-staging.1`	Review	5	2026-06-08
`0.8.8-dev.202606081143.f600053`	Review	5	2026-06-08
`0.8.8-dev.202606080544.8b7fbff`	Review	5	2026-06-08
`0.8.8-dev.202606080112.5f6d567`	Review	5	2026-06-08
`0.8.8-dev.202606080320.8b7fbff`	Review	5	2026-06-08
`0.8.8-dev.202606080009.0babb76`	Review	5	2026-06-08
`0.8.8-dev.202606072328.6710d73`	Review	5	2026-06-07
`0.8.8-dev.202606072131.4817a81`	Review	5	2026-06-07
`0.8.8-dev.202606072033.0e97ff6`	Review	5	2026-06-07
`0.8.8-dev.202606071935.547b6d2`	Review	5	2026-06-07
`0.8.8-dev.202606071835.08695c1`	Review	5	2026-06-07
`0.8.8-dev.202606071734.db66b83`	Review	5	2026-06-07
`0.8.8-dev.202606071535.f449fc1`	Review	5	2026-06-07
`0.8.8-dev.202606071441.cfe7f13`	Review	5	2026-06-07
`0.8.8-dev.202606071338.2b9914e`	Review	5	2026-06-07
`0.8.8-dev.202606071242.4ca7f3b`	Review	5	2026-06-07
`0.8.8-dev.202606071138.c258385`	Review	5	2026-06-07
`0.8.8-dev.202606071051.c258385`	Review	5	2026-06-07
`0.8.8-dev.202606070049.ca91213`	Review	5	2026-06-07
`0.8.8-dev.202606062128.ca91213`	Review	5	2026-06-06
`0.8.8-dev.202606062031.571ee14`	Review	5	2026-06-06
`0.8.8-dev.202606061935.99a472f`	Review	5	2026-06-06
`0.8.8-dev.202606061835.dc283b1`	Review	5	2026-06-06
`0.8.8-dev.202606061731.f1025b0`	Review	5	2026-06-06
`0.8.8-dev.202606061714.60a1761`	Review	5	2026-06-06
`0.8.8-dev.202606061701.9ee494c`	Review	5	2026-06-06
`0.8.8-dev.202606061631.10cd5fe`	Review	5	2026-06-06
`0.8.8-dev.202606061533.1a66375`	Review	5	2026-06-06
`0.8.8-dev.202606061135.a446a08`	Review	5	2026-06-06
`0.8.8-dev.202606061043.373bc8f`	Review	5	2026-06-06
`0.8.8-dev.202606060901.61e1660`	Review	5	2026-06-06
`0.8.8-dev.202606060043.60454ad`	Review	5	2026-06-06
`0.8.8-dev.202606052332.17fc8ea`	Review	5	2026-06-05
`0.8.8`	Review	5	2026-06-05
`0.8.7-dev.202606052232.2ddc989`	Review	5	2026-06-05
`0.8.7-dev.202606052220.6efc86d`	Review	5	2026-06-05
`0.8.7-dev.202606052135.3e62c5a`	Review	5	2026-06-05
`0.8.7-dev.202606052118.34cd356`	Review	5	2026-06-05
`0.8.7`	Review	5	2026-06-03
`0.0.1`	Review	5	2026-05-29

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @vellumai/web (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vellumai/[email protected]

Start free — 25 scans / mo View full evidence