npm · registry.npmjs.org

codeseek

Install Lifecycle Remote Or Exec: postinstall="node -e \"var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)\" || true"

Why PkgRadar flagged 0.1.11

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)\" \|\| true" · package.json
high	Install Lifecycle Suppresses Failure	postinstall="node -e \"var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)\" \|\| true" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.11`	High risk	55	2026-06-06
`0.1.9`	High risk	55	2026-06-06
`0.1.0`	High risk	55	2026-06-06

Block this in CI

PkgRadar gates codeseek (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]