napi-postinstall 0.3.1
This package version has been yanked.
Yanked package versions cannot be used or downloaded from npm.
1 security vulnerability
found in version
0.3.1
eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code
high severity CVE-2025-54313
high severity
CVE-2025-54313
Affected versions:
= 0.3.1
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
No license issues detected.
This package version has a license in the source code.