npm · registry.npmjs.org
stake-math
New Account With Lifecycle Hook, Install-time lifecycle script
Early detection
PkgRadar flagged this 3.3 days before public disclosure
Detected 2026-06-25 · disclosed as MAL-2026-6585 on 2026-06-29
Why PkgRadar flagged 3.5.5
| Severity | Signal | Evidence |
|---|---|---|
| medium | New Account With Lifecycle Hook | — |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.5.5 | High risk | 5 | 2026-07-02 |
3.5.3 | Review | 5 | 2026-06-27 |
3.5.4 | Review | 5 | 2026-06-27 |
3.3.0 | Review | 10 | 2026-06-25 |
3.5.2 | High risk | 55 | 2026-06-25 |
3.2.0 | Review | 10 | 2026-06-25 |
3.1.0 | Review | 10 | 2026-06-25 |
Related campaigns
- Publisher burst: garir — 3 releases, max score 60
Block this in CI
pkgradar gate --ecosystem npm [email protected]