npm · registry.npmjs.org

cielara

Install-time lifecycle script: postinstall="node scripts/postinstall.js"

Why PkgRadar flagged 0.1.20

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.1.20 vs 0.0.1: "node scripts/postinstall.js" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.20`	High risk	45	2026-06-10
`0.1.34`	Review	1	2026-06-05
`0.1.33`	Review	1	2026-06-05
`0.1.32`	Review	1	2026-06-05
`0.1.31`	Review	1	2026-06-05
`0.1.30`	Review	1	2026-06-05
`0.1.29`	Review	1	2026-06-05
`0.1.28`	Review	1	2026-06-05
`0.1.27`	Review	1	2026-06-04
`0.1.25`	Review	1	2026-06-03
`0.1.24`	Review	1	2026-06-03
`0.1.22`	Review	1	2026-06-01
`0.1.23`	Review	1	2026-06-01
`0.1.21`	Review	1	2026-06-01
`0.0.1`	Low risk	0	2026-05-30

Block this in CI

PkgRadar gates cielara (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]