npm · registry.npmjs.org

bitopro-spot

Install-time lifecycle script: postinstall="echo 'SECURITY RESEARCH: bitopro-spot npm package was unclaimed. Real attack steals BITOPRO_API_KEY/SECRET. See bitopro-skills-hub SECURITY.md'"

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.0`	Review	5	2026-06-06

Block this in CI

PkgRadar gates bitopro-spot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence