PkgRadar

npm · registry.npmjs.org

pp-react-v5

Install Lifecycle Repeated Payload, New Account With Lifecycle Hook, Install-time lifecycle script +1 more

Why PkgRadar flagged 30.0.2

SeveritySignalEvidence
highInstall Lifecycle Repeated Payload
highNew Account With Lifecycle Hook
mediumSuspicious Publish Context

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
30.0.2High risk452026-07-01
30.0.1High risk752026-07-01

Related campaigns

Block this in CI

PkgRadar gates pp-react-v5 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
pp-react-v5 — npm malware advisory | PkgRadar