PkgRadar

npm · registry.npmjs.org

@zapgo/pragma-ai

Install-time lifecycle script: postinstall="node ./postinstall.mjs"

Why PkgRadar flagged 1.15.22

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 1.15.22 vs 1.15.21: "node ./postinstall.mjs" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.15.22High risk452026-06-05
1.15.23Review52026-06-05
1.1.7-dev-202606051559Review52026-06-05
1.1.7-dev-202606051416Review52026-06-05
1.1.7-dev-202606051432Review52026-06-05
1.1.7-dev-202606051255Review52026-06-05
1.1.7-dev-202606051305Review52026-06-05
1.1.7-dev-202606050538Review52026-06-05
1.1.7-dev-202606050512Review52026-06-05
1.1.7-dev-202606050456Review52026-06-05
1.1.7-dev-202606050446Review52026-06-05
1.1.7-dev-202606050122-2Review52026-06-05
1.1.7-dev-202606050122-1Review52026-06-05
1.1.7-dev-202606050122Review52026-06-05
1.1.7-dev-202606042228Review52026-06-05
0.0.0-dev-202606041951Review52026-06-04
1.1.7-dev-202606042050Review52026-06-04

Block this in CI

PkgRadar gates @zapgo/pragma-ai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @zapgo/[email protected]
Start free — 25 scans / moView full evidence