npm · registry.npmjs.org
pi-tps-was-taken
Install Lifecycle Remote Or Exec: postinstall="node -e \"const fs=require('fs'),path=require('path');const src=path.resolve(__dirname,'pi-tps-was-taken.ts');const dst=path.join(process.env.HOME,'.pi','agent','extensions');if(!fs.existsSync(dst))fs.mkdirSync(dst,{recursive:true});fs.copyFileSync(src,path.join(dst,'pi-tps-was-taken.ts'));console.log('✓ pi-tps-was-taken extension installed to ~/.pi/agent/extensions/pi-tps-was-taken.ts')\""
Why PkgRadar flagged 1.0.5
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"const fs=require('fs'),path=require('path');const src=path.resolve(__dirname,'pi-tps-was-taken.ts');const dst=path.join(process.env.HOME,'.pi','agent','extensions');if(!fs.existsSync(dst))fs.mkdirSync(dst,{recursive:true});fs.copyFileSync(src,path.join(dst,'pi-tps-was-taken.ts'));console.log('✓ pi-tps-was-taken extension installed to ~/.pi/agent/extensions/pi-tps-was-taken.ts')\"" · package.json |
| medium | New Account With Lifecycle Hook | package first published 0 day(s) ago, 6 total version(s), has lifecycle hook · package.json |
| medium | Suspicious Publish Context | {"package_age_days":0,"publisher":"shreyashp7","burst_same_day":4,"burst_week":4,"lure":null,"version_anomaly":false,"new_account":false} |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.4 | Review | 10 | 2026-06-13 |
1.1.3 | Review | 10 | 2026-06-13 |
1.1.2 | Review | 10 | 2026-06-13 |
1.1.1 | Review | 10 | 2026-06-13 |
1.1.0 | Review | 10 | 2026-06-13 |
1.0.5 | High risk | 45 | 2026-06-13 |
1.0.3 | High risk | 45 | 2026-06-13 |
1.0.4 | High risk | 60 | 2026-06-13 |
1.0.2 | High risk | 45 | 2026-06-13 |
1.0.1 | High risk | 85 | 2026-06-13 |
1.0.0 | Review | 10 | 2026-06-13 |
Campaign attribution
Related campaigns
- shreyashp7 — 5 releases, max score 85
Block this in CI
pkgradar gate --ecosystem npm [email protected]