Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code persists package-owned 100xprompt configuration in the user profile and prepares the package binary. No source-confirmed exfiltration, remote payload retrieval, or foreign AI-agent control-surface mutation is established.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L8Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L8