PkgRadar

npm · registry.npmjs.org

quilltap

Install-time lifecycle script: postinstall="node lib/native-modules.js"

Why PkgRadar flagged 4.6.0-dev.71

| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 4.6.0-dev.71 vs 4.6.0-dev.41: "node lib/native-modules.js" · package.json |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 4.6.0-dev.71 | High risk | 45 | 2026-06-10 |
| 4.6.1 | Review | 3 | 2026-06-06 |
| 4.6.0 | Review | 3 | 2026-06-05 |
| 4.7.0-dev | Review | 3 | 2026-06-05 |
| 4.6.0-dev.126 | Review | 3 | 2026-06-04 |
| 4.6.0-dev.106 | Review | 3 | 2026-06-02 |
| 4.6.0-dev.105 | Review | 3 | 2026-06-02 |
| 4.6.0-dev.99 | Review | 5 | 2026-06-01 |
| 4.6.0-dev.83 | Review | 5 | 2026-05-30 |
| 4.6.0-dev.84 | Review | 5 | 2026-05-30 |
| 4.6.0-dev.89 | Review | 5 | 2026-05-29 |
| 4.6.0-dev.41 | Review | 12 | 2026-05-25 |
| 4.6.0-dev.22 | Review | 12 | 2026-05-24 |
| 4.6.0-dev.39 | Review | 12 | 2026-05-24 |

Campaign attribution

Part of the asteroiddao npm campaign.

Block this in CI

PkgRadar gates quilltap (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]