Loading npm security reports…
Vaxis CLI — diagram and architecture tool for AI-assisted software design
The install hook fetches an unverified native payload from a release URL, then the CLI executes it on user invocation. No source evidence establishes malicious behavior inside the downloaded payload.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L10Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L10