napi-postinstall

removed

malicious

The `postinstall` script helper for handling native bindings in legacy `npm` versions

License: Permissive (MIT)

Published:

Visit Github

See on npm

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

No sensitive information found

Security

Vulnerabilities

2 severe vulnerabilities exploited

Hardening

2 low priority mitigations absent

Threats

Tampering

1 malware-like behaviors found

Malware

3 supply chain attack artifacts

IMPORTANT: This package had 1 malicious incident in the last 2 years

Latest malware incident detected:

Version: 0.3.1

INCIDENTS FOR THIS VERSION:

malware

Reported By: Community (Socket)

More info

malware

Reported By: Community (Bleeping Computer)

More info

malware

Reported By: Community (OpenSSF)

More info

malware

Reported By: ReversingLabs (Researcher)

Learn more about malware detection

removal

Reported By: Community

Historical list of all known contributors that worked on this software package.

Role

Username

maintainer

jounqin

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.