PkgRadar

npm · registry.npmjs.org

stake-math

New Account With Lifecycle Hook, Install-time lifecycle script

Early detection

PkgRadar flagged this 3.3 days before public disclosure

Detected 2026-06-25 · disclosed as MAL-2026-6585 on 2026-06-29

Why PkgRadar flagged 3.5.5

Severity  Signal                           Evidence
medium    New Account With Lifecycle Hook

Showing signal labels only.

Scanned versions

Version  Verdict    Score  Scanned (UTC)
3.5.5    High risk  5      2026-07-02
3.5.3    Review     5      2026-06-27
3.5.4    Review     5      2026-06-27
3.3.0    Review     10     2026-06-25
3.5.2    High risk  55     2026-06-25
3.2.0    Review     10     2026-06-25
3.1.0    Review     10     2026-06-25

Block this in CI

PkgRadar gates stake-math (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]