Socket

Install scripts

Severity

High

Description

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Suggestion

Packages should not run non-essential scripts during install. Many of the problems people solve with install scripts have solutions that can be run at publish time instead.
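To check which dependencies would trigger this alert, the following added example (not Socket's code) flags the npm lifecycle scripts that run at install time, including the `node-gyp rebuild` default npm applies when a package ships a `binding.gyp` and defines no `preinstall` or `install` script. It assumes the manifests have already been read and parsed; the package names and the `findInstallHooks` and `auditPackages` helpers are hypothetical.

```javascript
// Added example: audit parsed package.json manifests for scripts npm runs at install time.
// npm runs these lifecycle scripts, in this order, when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Returns [{ hook, command, implicit }] for one package.
// `manifest` is a parsed package.json; `hasBindingGyp` says whether the
// package root contains a binding.gyp file.
function findInstallHooks(manifest, hasBindingGyp = false) {
  const scripts = (manifest && typeof manifest.scripts === "object" && manifest.scripts) || {};
  const found = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command === "string" && command.trim() !== "") {
      found.push({ hook, command, implicit: false });
    }
  }
  // With a binding.gyp present and no preinstall/install script defined,
  // npm defaults the install script to "node-gyp rebuild".
  const definesOwn = found.some((f) => f.hook === "preinstall" || f.hook === "install");
  if (hasBindingGyp && !definesOwn) {
    found.push({ hook: "install", command: "node-gyp rebuild", implicit: true });
  }
  return found;
}

// Audits a list of { manifest, hasBindingGyp } and returns only flagged packages.
function auditPackages(packages) {
  return packages
    .map(({ manifest, hasBindingGyp }) => ({
      name: `${manifest.name}@${manifest.version}`,
      hooks: findInstallHooks(manifest, hasBindingGyp),
    }))
    .filter((p) => p.hooks.length > 0);
}

// Constructed sample manifests (hypothetical package names).
const SAMPLE = [
  { manifest: { name: "plain-lib", version: "1.0.0", scripts: { test: "node test.js" } } },
  { manifest: { name: "native-addon", version: "2.1.0" }, hasBindingGyp: true },
  { manifest: { name: "setup-helper", version: "0.3.2",
      scripts: { postinstall: "node scripts/setup.js", build: "tsc" } } },
];

for (const pkg of auditPackages(SAMPLE)) {
  for (const h of pkg.hooks) {
    console.log(`${pkg.name}: ${h.hook}${h.implicit ? " (implicit)" : ""} -> ${h.command}`);
  }
}
```

Flagged packages can be reviewed before their scripts are allowed to run; `npm install --ignore-scripts` installs without executing any of these hooks.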

