Loading npm security reports…
LPM treats this as warn-only first-party agent extension lifecycle risk. Running `claude-cup` once persists an MCP server and SessionStart/PreToolUse/PostToolUse hooks in Claude Code configuration. Hook-triggered background analysis scans developer environment data and can invoke Claude with automatic permissions.
Package source references dynamic require/import behavior.
mcp-server/dist/mcp-server.mjsView on unpkg · L12Manifest entrypoint contains risky behavior absent from dist/build output.
src/cli.jsView on unpkg · L7Package source references dynamic require/import behavior.
mcp-server/dist/mcp-server.mjsView on unpkg · L12Manifest entrypoint contains risky behavior absent from dist/build output.
src/cli.jsView on unpkg · L7