PkgRadar

npm · registry.npmjs.org

pi-vscode-sr

New Account With Lifecycle Hook: package first published 5 day(s) ago, 10 total version(s), has lifecycle hook

Why PkgRadar flagged 1.4.0

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 1.4.0 vs 1.1.10: "mkdir -p ~/.pi" · package.json
mediumNew Account With Lifecycle Hookpackage first published 5 day(s) ago, 10 total version(s), has lifecycle hook · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.7Review32026-06-14
1.4.6Review32026-06-14
1.4.5Review32026-06-14
1.4.4Review32026-06-14
1.4.3Review52026-06-14
1.4.2Review32026-06-14
1.4.1Review32026-06-14
1.4.0High risk452026-06-14
1.1.10Low risk02026-06-09
1.1.9Low risk02026-06-09
1.1.8Low risk02026-06-09
1.1.7Low risk02026-06-09
1.1.5Low risk02026-06-09
1.1.3Low risk02026-06-09
1.1.2Low risk02026-06-09
1.1.1Low risk02026-06-09
1.1.0Low risk02026-06-09

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates pi-vscode-sr (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence