npm · registry.npmjs.org
ccbaton
Install Lifecycle Remote Or Exec: postinstall="node -e \"require('fs').existsSync('dist/cli.js') && require('child_process').execFileSync('node', ['dist/cli.js', 'install', '--postinstall'], {stdio:'inherit'})\" || true"
Why PkgRadar flagged 0.3.5
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 0.3.5 vs 0.3.4: "node -e \"require('fs').existsSync('dist/cli.js') && require('child_process').execFileSync('node', ['dist/cli.js', 'install', '--postinstall'], {stdio:'inherit'})\" || true" · package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"require('fs').existsSync('dist/cli.js') && require('child_process').execFileSync('node', ['dist/cli.js', 'install', '--postinstall'], {stdio:'inherit'})\" || true" · package.json |
| high | Install Lifecycle Suppresses Failure | postinstall="node -e \"require('fs').existsSync('dist/cli.js') && require('child_process').execFileSync('node', ['dist/cli.js', 'install', '--postinstall'], {stdio:'inherit'})\" || true" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.3.5 | High risk | 95 | 2026-06-12 |
0.3.6 | High risk | 55 | 2026-06-12 |
0.3.7 | High risk | 55 | 2026-06-12 |
0.4.0 | Review | 16 | 2026-06-12 |
Related campaigns
- mjbarefo — 3 releases, max score 95
Block this in CI
pkgradar gate --ecosystem npm [email protected]