Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time or import-time attack behavior was found. Explicit `srt init` installs a first-party MCP configuration, and the user-invoked dev server exposes development control and proxy capabilities.
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/util.tsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/util.tsView on unpkg