[GH-ISSUE #3] [potential Security Alert] New `postinstall` script added in `food402@1.0.3` #1

New issue

Closed

opened 2026-02-27 15:56:45 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 15:56:45 +03:00

Owner

Originally created by @alphaleadership on GitHub (Feb 1, 2026).
Original GitHub issue: https://github.com/rersozlu/food402/issues/3

A new postinstall script was detected in version 1.0.3 of the package food402.

Script content:

node dist/postinstall.js

see npm documentation on package scripts for more details.
and the detector. to understand why this script might be dangerous.
to get the alert only for dangerous scripts, please visitthe telegram
This could be a security risk. Please investigate.

Originally created by @alphaleadership on GitHub (Feb 1, 2026). Original GitHub issue: https://github.com/rersozlu/food402/issues/3 A new `postinstall` script was detected in version `1.0.3` of the package `food402`. **Script content:** ``` node dist/postinstall.js ``` see [npm documentation on package scripts](https://docs.npmjs.com/cli/v9/using-npm/scripts) for more details. and [the detector](https://github.com/alphaleadership/npm-check). to understand why this script might be dangerous. to get the alert only for dangerous scripts, please visit[the telegram](https://t.me/npmalert) This could be a security risk. Please investigate.