npm · registry.npmjs.org
lynkr
Remote Payload: matched "raw.githubusercontent.com"
Why PkgRadar flagged 9.5.0
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 9.5.0 vs 9.4.6: "node scripts/check-native.js" · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/src/routing/model-registry.js |
| medium | Remote Payload | matched "curl " · package/benchmark-configs/portkey-docker.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
9.5.0 | High risk | 74 | 2026-06-11 |
9.4.6 | Review | 20 | 2026-06-08 |
9.4.5 | Review | 20 | 2026-06-08 |
9.4.4 | Review | 20 | 2026-06-08 |
9.4.3 | Review | 20 | 2026-06-08 |
9.4.2 | Review | 20 | 2026-06-08 |
9.4.1 | Review | 20 | 2026-06-08 |
9.4.0 | Review | 20 | 2026-06-07 |
9.3.3 | Review | 17 | 2026-05-30 |
9.3.1 | Review | 17 | 2026-05-30 |
9.3.2 | Review | 17 | 2026-05-30 |
9.2.3 | Review | 17 | 2026-05-30 |
9.2.2 | Review | 17 | 2026-05-30 |
9.2.1 | Review | 17 | 2026-05-30 |
9.2.0 | Review | 17 | 2026-05-30 |
9.1.9 | Review | 17 | 2026-05-30 |
9.1.8 | Review | 17 | 2026-05-30 |
9.1.7 | Review | 17 | 2026-05-30 |
9.1.6 | Review | 17 | 2026-05-30 |
9.1.5 | Review | 17 | 2026-05-30 |
9.1.4 | Review | 17 | 2026-05-29 |
9.1.2 | Review | 17 | 2026-05-29 |
9.1.3 | Review | 17 | 2026-05-29 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm [email protected]