npm · registry.npmjs.org
specweave
Install Lifecycle Suppresses Failure: preinstall="node scripts/check-node-version.js || exit 0"
Why PkgRadar flagged 1.0.592
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Suppresses Failure | preinstall="node scripts/check-node-version.js || exit 0" · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/src/core/fabric/discovery/content-fetcher.js |
| medium | Remote Payload | matched "api.github.com/graphql" · package/dist/src/sync/projects-v2.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/src/cli/commands/update.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.592 | High risk | 49 | 2026-06-17 |
1.0.591 | High risk | 49 | 2026-06-10 |
1.0.590 | High risk | 49 | 2026-06-10 |
1.0.589 | High risk | 49 | 2026-06-10 |
1.0.588 | High risk | 49 | 2026-06-10 |
1.0.587 | High risk | 49 | 2026-06-10 |
1.0.585 | High risk | 49 | 2026-06-10 |
1.0.586 | High risk | 49 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]