npm · registry.npmjs.org
pentesting
Install-time lifecycle script: postinstall="node ./scripts/postinstall.mjs"
Why PkgRadar flagged 0.90.1
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 0.90.1 vs 0.73.14: "node ./scripts/postinstall.mjs" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.90.2 | Review | 5 | 2026-06-11 |
0.73.12 | Review | 5 | 2026-06-10 |
0.73.13 | Review | 5 | 2026-06-10 |
0.73.14 | Review | 5 | 2026-06-10 |
0.90.1 | High risk | 45 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]