npm · registry.npmjs.org
@windmill-labs/components
Install Lifecycle Remote Or Exec: postinstall="node -e \"if (require('fs').existsSync('./scripts/untar_ui_builder.js')) { require('child_process').execSync('node ./scripts/untar_ui_builder.js', {stdio: 'inherit'}) }\""
Why PkgRadar flagged 1.706.4
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"if (require('fs').existsSync('./scripts/untar_ui_builder.js')) { require('child_process').execSync('node ./scripts/untar_ui_builder.js', {stdio: 'inherit'}) }\"" · package.json |
| medium | New Account With Lifecycle Hook | package first published 17 day(s) ago, 7 total version(s), has lifecycle hook · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.706.4 | High risk | 45 | 2026-06-08 |
1.706.6 | High risk | 45 | 2026-06-08 |
1.706.7 | High risk | 45 | 2026-06-08 |
1.719.0 | High risk | 45 | 2026-06-08 |
Block this in CI
pkgradar gate --ecosystem npm @windmill-labs/[email protected]