Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. The install hook modifies package-owned local configuration and prepares its platform binary. No concrete exfiltration, remote payload retrieval, or foreign AI-agent control-surface mutation is established.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L8Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L8