Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not run non-essential scripts during install. Problems that people solve with install scripts can often be solved at publish time instead.
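One way to check a dependency tree for this alert, as an added example that is not part of the original alert page or any vendor's tooling: it scans parsed package.json manifests for the npm lifecycle hooks that run on the installer's machine (preinstall, install, postinstall) and separates common native-build commands from scripts that need manual review. The sample manifests, the package names in them, and the list of commands treated as native builds are assumptions of this example.

```javascript
// Added example: flag npm lifecycle scripts that run on the installer's machine.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Commands treated here as likely-essential native builds (an assumption of this example).
const NATIVE_BUILD = /^\s*(node-gyp(\s+rebuild)?|node-gyp-build|prebuild-install)\b/;

// Returns one finding per non-empty install-time hook in a parsed package.json.
function findInstallScripts(manifest) {
  const scripts = (manifest && typeof manifest.scripts === "object" && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "")
    .map((hook) => ({
      package: `${manifest.name}@${manifest.version}`,
      hook,
      command: scripts[hook],
      nativeBuild: NATIVE_BUILD.test(scripts[hook]),
    }));
}

// Audits a list of manifests; needsReview holds hooks that are not plain native builds.
function audit(manifests) {
  const findings = manifests.flatMap(findInstallScripts);
  return { findings, needsReview: findings.filter((f) => !f.nativeBuild) };
}

// Constructed sample manifests (hypothetical package names, not from the alert page).
const SAMPLE = [
  { name: "example-native", version: "1.0.0", scripts: { install: "node-gyp rebuild", test: "mocha" } },
  { name: "example-suspicious", version: "0.0.1", scripts: { preinstall: "node ./setup.js", postinstall: "" } },
  { name: "example-clean", version: "2.3.0", scripts: { prepublishOnly: "npm run build" } },
  { name: "example-noscripts", version: "1.1.1" },
];

const report = audit(SAMPLE);
for (const f of report.needsReview) {
  console.log(`${f.package}: ${f.hook} -> ${f.command}`);
}
```

Running `npm install --ignore-scripts` prevents these hooks from executing while the flagged packages are reviewed.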
Packages with this alert
act1on3
A Hooks library designed for Taro
Get and control running apps, virtual desktop
ExtJS framework, with some changes, suitable for bridging to Joose