
Install scripts

Severity

High

Description

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Suggestion

Packages should not run non-essential scripts during install. Many of the problems people solve with install scripts have solutions that can be run at publish time instead.
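The check below is an added example, not Socket's own code: it takes parsed package.json manifests and reports every lifecycle hook that npm runs during install, including the implicit `node-gyp rebuild` that npm applies when a package ships a binding.gyp file without defining install or preinstall. The function names, the `hasBindingGyp` flag and the sample manifests are assumptions constructed for illustration.

```javascript
// Lifecycle hooks npm executes when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// manifest: parsed package.json object.
// hasBindingGyp: true if the package root contains binding.gyp (hypothetical flag).
function findInstallScripts(manifest, hasBindingGyp = false) {
  const scripts =
    manifest && manifest.scripts && typeof manifest.scripts === "object"
      ? manifest.scripts
      : {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    // Ignore non-string or empty entries; they do not execute anything.
    if (typeof command === "string" && command.trim() !== "") {
      findings.push({ name: manifest.name, hook, command, implicit: false });
    }
  }
  // npm defaults "install" to `node-gyp rebuild` when binding.gyp is present
  // and the manifest defines neither install nor preinstall.
  if (hasBindingGyp && !scripts.install && !scripts.preinstall) {
    findings.push({
      name: manifest.name,
      hook: "install",
      command: "node-gyp rebuild",
      implicit: true,
    });
  }
  return findings;
}

// Audit a list of { manifest, hasBindingGyp } entries and flatten the findings.
function auditManifests(entries) {
  return entries.flatMap((e) => findInstallScripts(e.manifest, e.hasBindingGyp));
}

// Constructed sample manifests (not real packages).
const SAMPLE = [
  { manifest: { name: "example-clean", scripts: { test: "node test.js" } } },
  { manifest: { name: "example-postinstall", scripts: { postinstall: "node setup.js" } } },
  { manifest: { name: "example-native", scripts: {} }, hasBindingGyp: true },
];

for (const f of auditManifests(SAMPLE)) {
  console.log(`${f.name}: ${f.hook} -> ${f.command}${f.implicit ? " (implicit)" : ""}`);
}
```

In practice the manifests would come from each package.json in a dependency tree; installing with npm's `--ignore-scripts` flag lets the findings be reviewed before any of these hooks run.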

