Loading npm security reports…
Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-named source file stages remote content through filesystem writes and execution.
Package defines install-time lifecycle scripts.
package.jsonView on unpkg · L17Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L17Install-named source file stages remote content through filesystem writes and execution.
scripts/install.jsView on unpkg · L4