Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Packages with this alert
Gatsby Theme for building Olly documentation
1. omelox是pomelo的TS版本,框架内部把回调改为了Promise。 1. 框架与pomelo一样,所以可以看pomelo的相关教程。 1. 协议与pomelo一样,所以pomelo的客户端代码可以直接对接上omelox服务端。
test
Security research purposes only.