Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Packages with this alert
A sandboxed ServiceWorker environment for testing
dont install pls for proof of concept purpose
foysal1197 p-o-c