Loading npm security reports…
An embedded preinstall payload would exfiltrate `/etc/hostname` with curl. It is not executable as shipped because the only manifest is invalid JSON.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L9Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L9