Loading npm security reports…
Cut your Claude Code & Codex token bill. One line. No app.
LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack is present. An explicit user command installs a persistent first-party Claude Code hook that receives selected tool outputs; its npx-cache fallback resolves an unpinned latest package version at later hook execution.
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg