npm · registry.npmjs.org
titan-agent
Install Lifecycle Remote Or Exec: postinstall="node -e \"try{require('./scripts/postinstall.cjs')}catch(e){if(e.code==='MODULE_NOT_FOUND'){console.log('TITAN installed. Run: titan onboard')}else{throw e}}\""
Why PkgRadar flagged 6.5.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"try{require('./scripts/postinstall.cjs')}catch(e){if(e.code==='MODULE_NOT_FOUND'){console.log('TITAN installed. Run: titan onboard')}else{throw e}}\"" · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/skills/marketplace.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/cli/onboard.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
6.5.3 | High risk | 84 | 2026-06-08 |
6.5.1 | High risk | 84 | 2026-06-08 |
6.5.2 | High risk | 84 | 2026-06-08 |
6.4.1 | High risk | 84 | 2026-06-08 |
6.5.0 | High risk | 84 | 2026-06-08 |
6.4.3 | High risk | 84 | 2026-06-08 |
6.4.4 | High risk | 84 | 2026-06-08 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]