Package evidence
[email protected]
Install-time lifecycle script: install="echo 'Prebuilt binary ships in bin/. Run: npx node-gyp build'"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 9
- First published
- May 2026
- Publisher
- alexander2000
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: install="echo 'Prebuilt binary ships in bin/. Run: npx node-gyp build'"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 1 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | install="echo 'Prebuilt binary ships in bin/. Run: npx node-gyp build'" | 5 |
Manifest
Package metadata
Scripts32
build./scripts/build/build.shbuild:devnode-gyp build --debugbuild:testnode-gyp buildcleannode-gyp clean && npm run configure && npm run buildconfigurenode-gyp configuredev:cppnpm run rebuild:dev && node ./tests/async_console.jsdocs:buildtypedoc lib/index.ts --out generated/docs --name "node-lxc" --theme default --excludePrivate --excludeProtected --entryPointStrategy expandexample:attachts-node examples/attach/index.tsexample:attach-streamsts-node examples/attach-streams/index.tsexample:checkpointts-node examples/checkpoint/index.tsexample:clonets-node examples/clone/index.tsexample:concurrent_createts-node examples/concurrent_create/index.tsexample:concurrent_destroyts-node examples/concurrent_destroy/index.tsexample:concurrent_shutdownts-node examples/concurrent_shutdown/index.tsexample:concurrent_startts-node examples/concurrent_start/index.tsexample:concurrent_stopts-node examples/concurrent_stop/index.tsexample:configts-node examples/config/index.tsexample:consolets-node examples/console/index.tsexample:console_asyncts-node examples/console_async/index.tsexample:createts-node examples/create/index.tsexample:executets-node examples/execute/index.tsexample:imagests-node examples/images/index.tsexample:keysts-node examples/list_keys/index.tsinstallecho 'Prebuilt binary ships in bin/. Run: npx node-gyp build'package./scripts/package/package.shpreviewnpm run build && mkdir -p ./node_modules/@sourceregistry/node-lxc && cp -r ./package/* ./node_modules/@sourceregistry/node-lxcrebuild:devnode-gyp rebuild --debug && npx tscsetup./scripts/setup/setup.shtestnode --require ts-node/register --test tests/index.tstest:buildnpm run build && npm run test- …and 2 more.
Dependencies1
node-addon-api^8.5.0