Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code mutates the package binary setup and creates or updates a first-party 100xprompt user config. No confirmed exfiltration, remote execution, or foreign control-surface mutation is present in the inspected source.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L8Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L8