PkgRadar

npm · registry.npmjs.org

dotmd-cli

Install-time lifecycle script: postinstall="node scripts/postinstall.mjs"

Why PkgRadar flagged 0.55.0

Severity  Signal                            Evidence
high      New Lifecycle Script Vs Previous  postinstall added in 0.55.0 vs 0.54.0: "node scripts/postinstall.mjs" · package.json

Scanned versions

Version  Verdict    Score  Scanned (UTC)
0.61.0   Review     1      2026-06-12
0.60.0   Review     1      2026-06-10
0.55.0   High risk  45     2026-06-10
0.59.0   Review     1      2026-06-03
0.58.0   Review     1      2026-06-03
0.57.0   Review     1      2026-06-03
0.56.0   Review     1      2026-06-03
0.54.0   Low risk   0      2026-06-03
0.53.0   Low risk   0      2026-06-03
0.52.0   Low risk   0      2026-06-03
0.51.0   Low risk   0      2026-06-02
0.50.2   Low risk   0      2026-05-30
0.50.1   Low risk   0      2026-05-30
0.50.0   Low risk   0      2026-05-30
0.49.5   Low risk   0      2026-05-29
0.49.4   Low risk   0      2026-05-29
0.49.3   Low risk   0      2026-05-29
0.49.2   Low risk   0      2026-05-29
0.49.0   Low risk   0      2026-05-29
0.49.1   Low risk   0      2026-05-29
0.48.4   Low risk   0      2026-05-28
0.48.2   Low risk   0      2026-05-28
0.48.3   Low risk   0      2026-05-28
0.42.1   Low risk   0      2026-05-27
0.42.0   Low risk   0      2026-05-27
0.39.8   Low risk   0      2026-05-27
0.39.9   Low risk   0      2026-05-27
0.39.1   Low risk   0      2026-05-26
0.38.1   Low risk   0      2026-05-26
0.39.0   Low risk   0      2026-05-26
0.38.0   Low risk   0      2026-05-26
0.37.0   Low risk   0      2026-05-26
0.36.3   Low risk   0      2026-05-26
0.36.2   Low risk   0      2026-05-26
0.36.1   Low risk   0      2026-05-26
0.36.0   Low risk   0      2026-05-26
0.35.0   Low risk   0      2026-05-26
0.34.0   Low risk   0      2026-05-25
0.33.0   Low risk   0      2026-05-25
0.32.1   Low risk   0      2026-05-24
0.32.0   Low risk   0      2026-05-24
0.31.4   Low risk   0      2026-05-24
0.31.3   Low risk   0      2026-05-24
0.31.2   Low risk   0      2026-05-24

Campaign attribution

Part of the asteroiddao npm campaign.

Block this in CI

PkgRadar gates dotmd-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]