
Install scripts

Severity

High

Description

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Suggestion

Packages should not run non-essential scripts during install. The problems people solve with install scripts can often be solved at publish time instead.

