npm · registry.npmjs.org
weavedb-contracts
Install Lifecycle Binary Exec: preinstall="./scripts/postbuild"
Early detection
PkgRadar flagged this 1.6 days before public disclosure
Detected 2026-06-03 · disclosed as MAL-2026-5192 on 2026-06-04
Why PkgRadar flagged 0.45.2
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | preinstall added in 0.45.2 vs 0.45.1: "./scripts/postbuild" · package.json |
| medium | Install Lifecycle Binary Exec | preinstall="./scripts/postbuild" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.45.2 | High risk | 60 | 2026-06-10 |
0.45.3 | Low risk | 0 | 2026-05-30 |
0.45.1 | Low risk | 0 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]