npm · registry.npmjs.org
coding-friend-cli
Install Lifecycle Remote Or Exec: postinstall="node -e \"import('./dist/postinstall.js').catch(()=>{})\""
Why PkgRadar flagged 1.38.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"import('./dist/postinstall.js').catch(()=>{})\"" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.38.1 | Review | 10 | 2026-06-15 |
1.38.0 | Review | 10 | 2026-06-14 |
1.37.0 | Review | 10 | 2026-06-13 |
1.36.4 | Review | 10 | 2026-06-07 |
1.36.3 | Review | 10 | 2026-06-06 |
1.36.2 | Review | 10 | 2026-06-06 |
1.36.1 | Review | 10 | 2026-06-03 |
1.36.0 | Review | 10 | 2026-05-29 |
1.35.7 | Review | 21 | 2026-05-28 |
1.35.8 | Review | 21 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]