npm · registry.npmjs.org

sql-preview

Install Lifecycle Remote Or Exec: postinstall="node -e \"try { require('child_process').execSync('bash scripts/install-hooks.sh', {stdio:'inherit'}) } catch(e) {}\""

Why PkgRadar flagged 0.5.11

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"try { require('child_process').execSync('bash scripts/install-hooks.sh', {stdio:'inherit'}) } catch(e) {}\"" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.5.11`	High risk	35	2026-06-13
`0.6.4`	Low risk	0	2026-06-03
`0.6.3`	Low risk	0	2026-06-03
`0.6.2`	Low risk	0	2026-06-03
`0.6.1`	Low risk	0	2026-05-29

Campaign attribution

Part of the Clob dropper campaign.

Block this in CI

PkgRadar gates sql-preview (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence