npm · registry.npmjs.org
cms-storehub
Install-time lifecycle script: install="node install.js"
Early detection
PkgRadar flagged this 1h before public disclosure
Detected 2026-05-30 · disclosed as MAL-2026-5097 on 2026-05-30
Why PkgRadar flagged 1.3.1
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | install added in 1.3.1 vs 1.3.0: "node install.js" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.0.1-security | Low risk | 0 | 2026-06-01 |
1.3.6 | Review | 22 | 2026-05-30 |
1.3.5 | Review | 22 | 2026-05-30 |
1.3.4 | Review | 5 | 2026-05-30 |
1.3.3 | Review | 5 | 2026-05-30 |
1.3.1 | High risk | 45 | 2026-05-30 |
1.3.2 | Review | 5 | 2026-05-30 |
1.3.0 | Review | 5 | 2026-05-30 |
1.2.9 | Review | 5 | 2026-05-30 |
1.2.8 | Review | 5 | 2026-05-30 |
1.2.7 | Review | 5 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]