PkgRadar

npm · registry.npmjs.org

pgroll

Install-time lifecycle script: preinstall="npx only-allow pnpm"

Why PkgRadar flagged 0.0.8

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspreinstall added in 0.0.8 vs 0.0.7: "npx only-allow pnpm" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.8High risk452026-06-03
0.0.9Review52026-05-28

Block this in CI

PkgRadar gates pgroll (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence