PkgRadar

npm · registry.npmjs.org

testnpmnmp

Large Javascript Payload: 6036017 bytes

Why PkgRadar flagged 1.0.21

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspreinstall added in 1.0.21 vs 1.0.20: "./scripts/postbuild" · package.json
mediumLarge Javascript Payload6036017 bytes · package/dist/index.cjs.js
mediumLarge Javascript Payload6036307 bytes · package/dist/index.esm.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.19Review102026-05-27
1.0.20Review102026-05-26
1.0.21High risk652026-05-26

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates testnpmnmp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence