PkgRadar

npm · registry.npmjs.org

apify-cli

Install Lifecycle Remote Or Exec: postinstall="node -e \"console.log('We have an active developer community on Discord. You can find it on https://discord.gg/crawlee-apify-801163717915574323.');\""

Why PkgRadar flagged 1.6.3-beta.4

SeveritySignalEvidence
highInstall Lifecycle Remote Or Execpostinstall="node -e \"console.log('We have an active developer community on Discord. You can find it on https://discord.gg/crawlee-apify-801163717915574323.');\"" · package.json
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/_register-DTarVRWq.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.6.3-beta.4Review142026-06-17
1.6.3-beta.3Review142026-06-10
1.6.3-beta.2Review142026-06-08
1.6.3-beta.1Review142026-06-08
1.6.3-beta.0Review142026-06-04
1.6.2Review142026-06-03
1.6.2-beta.18Review142026-06-03
1.6.2-beta.17Review142026-06-03
1.6.2-beta.16Review142026-06-02
1.6.2-beta.15Review52026-05-29
1.6.2-beta.13Review52026-05-28
1.6.2-beta.14Review52026-05-28
1.6.2-beta.8Review52026-05-27
1.6.2-beta.9Review52026-05-27

Block this in CI

PkgRadar gates apify-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
apify-cli — npm security scan | PkgRadar