Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Packages with this alert
3VOT Command Line Interface to run development task from the command line.
A 'hash' function module for Node.js written in C.
Don't install this! It just a test.
8base CLI