npm · registry.npmjs.org

zkjson

Install-time lifecycle script: preinstall="./.github/scripts/precheck"

Why PkgRadar flagged 0.8.5

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	preinstall added in 0.8.5 vs 0.8.4: "./.github/scripts/precheck" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.5`	High risk	45	2026-06-10
`0.8.6`	Low risk	0	2026-05-27
`0.8.4`	Low risk	0	2026-05-26

Campaign attribution

Block this in CI

PkgRadar gates zkjson (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]