npm · registry.npmjs.org

dp-key

Install Lifecycle Remote Or Exec: postinstall="node -e \"require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-darwin-amd64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-darwin-arm64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-linux-amd64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-windows-amd64.exe'),0o755)\""

Why PkgRadar flagged 0.0.7

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-darwin-amd64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-darwin-arm64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-linux-amd64'),0o755);require('fs').chmodSync(require('path').join(__dirname,'binaries','dp-key-windows-amd64.exe'),0o755)\"" · package.json
medium	New Account With Lifecycle Hook	package first published 0 day(s) ago, 6 total version(s), has lifecycle hook · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.7`	High risk	35	2026-06-12
`0.0.5`	High risk	75	2026-06-12
`0.0.6`	High risk	35	2026-06-12
`0.0.4`	Low risk	0	2026-06-12
`0.0.3`	Low risk	0	2026-06-12
`0.0.2`	Low risk	0	2026-06-12
`0.0.1`	Low risk	0	2026-06-12

Related campaigns

dpfan — 3 releases, max score 75

Block this in CI

PkgRadar gates dp-key (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence