Loading npm security reports…
On-device, auditable AI-coding capture for internal engineering teams
LPM treats this as warn-only first-party agent extension lifecycle risk. On global installation, the lifecycle script installs a managed executable under the user's home directory and invokes its autostart-repair command. The bundled source contains no direct exfiltration or foreign AI-agent configuration writes, but the invoked native platform payload is not present for inspection.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L24Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L24