Loading npm security reports…
Structured file editing library and CLI for AI agents: parser-backed JSON/YAML/TOML edits, AST-aware code operations, multi-file batching, markdown operations, and MCP server
`postinstall` fetches and extracts an externally hosted native executable. The downloaded executable is run only when the user invokes `patchloom`. No confirmed credential theft, persistence outside package files, or agent-control mutation is present.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L48Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L48