Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Packages with this alert
Most modern mobile touch slider and framework with hardware accelerated transitions
Most modern mobile touch slider and framework with hardware accelerated transitions
A custom of Swiper that allow using 3rd DOM manipulation like jQuery, Zepto,...etc
The environment runtime loaders for Sword Engine.