Loading npm security reports…
On-device, auditable AI-coding capture for internal engineering teams
LPM treats this as warn-only first-party agent extension lifecycle risk. A global npm install persists a package-owned executable under `~/.promptster-teams/bin/` and invokes its autostart-repair subcommand. The launcher later prefers that managed executable. No confirmed exfiltration or foreign AI-agent control-surface mutation appears in inspected JavaScript.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L24Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L24