PkgRadar

npm · registry.npmjs.org

openclaw-diag-cli

Install-time lifecycle script: postinstall="node scripts/postinstall.js"

Why PkgRadar flagged 1.1.0

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 1.1.0 vs 1.0.6: "node scripts/postinstall.js" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.10.3Low risk02026-06-16
1.10.4Low risk02026-06-16
1.10.2Low risk02026-06-16
1.10.1Low risk02026-06-16
1.9.0Low risk02026-06-12
1.8.7Low risk02026-06-11
1.8.6Low risk02026-06-11
1.8.4Low risk02026-06-11
1.8.3Low risk02026-06-11
1.8.2Low risk02026-06-11
1.8.1Low risk02026-06-11
1.8.0Low risk02026-06-10
1.1.0High risk452026-06-10
1.7.0Low risk02026-06-09
1.6.0Low risk02026-06-09
1.5.2Low risk02026-06-08
1.5.1Low risk02026-06-08
1.5.0Low risk02026-06-08
1.4.21Low risk02026-06-05
1.4.20Low risk02026-06-05
1.4.19Low risk02026-06-05
1.4.18Low risk02026-06-05
1.4.17Low risk02026-06-05
1.4.16Low risk02026-06-05
1.4.15Low risk02026-06-05
1.4.14Low risk02026-06-05
1.4.12Low risk02026-06-04
1.4.13Low risk02026-06-04
1.4.8Low risk02026-06-04
1.4.9Low risk02026-06-04
1.4.2Low risk02026-06-04
1.4.1Low risk02026-06-03
1.4.0Low risk02026-06-03
1.3.3Low risk02026-06-03
1.3.2Low risk02026-06-03
1.3.1Low risk02026-06-03
1.3.0Low risk02026-06-03
1.2.5Low risk02026-06-03
1.2.4Low risk02026-06-03
1.2.3Low risk02026-06-02
1.2.2Low risk02026-06-02
1.1.1Low risk02026-06-02
0.6.2Low risk02026-06-02
0.6.1Review52026-05-26
0.6.0Review52026-05-26

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates openclaw-diag-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence