Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code mutates first-party configuration under the user's home directory and normalizes a selected platform binary. No confirmed exfiltration, remote payload retrieval, or foreign AI-agent control-surface write is present in the inspected files.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L8Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L8