npm · registry.npmjs.org
@xompass/web-sdk
Install Lifecycle Remote Or Exec: preinstall="node -e \"const ua=process.env.npm_config_user_agent||''; const execPath=process.env.npm_execpath||''; const blocked=ua.startsWith('npm/') || ua.startsWith('yarn/') || execPath.includes('npm-cli.js') || execPath.includes('yarn'); if (blocked) { console.error('This package must be installed with pnpm. Run corepack enable and then pnpm install.'); process.exit(1); }\""
Why PkgRadar flagged 0.32.2
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | preinstall added in 0.32.2 vs 0.32.0: "node -e \"const ua=process.env.npm_config_user_agent||''; const execPath=process.env.npm_execpath||''; const blocked=ua.startsWith('npm/') || ua.startsWith('yarn/') || execPath.includes('npm-cli.js') || execPath.includes('yarn'); if (blocked) { console.error('This package must be installed with pnpm. Run corepack enable and then pnpm install.'); process.exit(1); }\"" · package.json |
| high | Install Lifecycle Remote Or Exec | preinstall="node -e \"const ua=process.env.npm_config_user_agent||''; const execPath=process.env.npm_execpath||''; const blocked=ua.startsWith('npm/') || ua.startsWith('yarn/') || execPath.includes('npm-cli.js') || execPath.includes('yarn'); if (blocked) { console.error('This package must be installed with pnpm. Run corepack enable and then pnpm install.'); process.exit(1); }\"" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.33.1 | Low risk | 0 | 2026-06-12 |
0.33.0 | Low risk | 0 | 2026-06-11 |
0.32.2 | High risk | 75 | 2026-06-10 |
0.32.4 | High risk | 17 | 2026-06-10 |
0.32.3 | High risk | 17 | 2026-06-10 |
0.32.5 | Low risk | 0 | 2026-06-08 |
0.30.0 | Low risk | 0 | 2026-05-29 |
0.31.0 | Low risk | 0 | 2026-05-29 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm @xompass/[email protected]