Open
21 commits
d26668d
chore: update package.json for postinstall canary test
pullfrog[bot] May 1, 2026
a05797e
chore: update package.json for postinstall canary test
pullfrog[bot] May 9, 2026
3480767
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 9, 2026
805948b
chore: update package.json for postinstall canary test
pullfrog[bot] May 11, 2026
abe2c32
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 11, 2026
9ca5ed3
chore: update package.json for postinstall canary test
pullfrog[bot] May 12, 2026
4c07293
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 12, 2026
410ba2c
chore: update package.json for postinstall canary test
pullfrog[bot] May 13, 2026
712652a
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 13, 2026
8d6fdae
chore: update package.json for postinstall canary test
pullfrog[bot] May 13, 2026
fbc55b8
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 13, 2026
5f1fd00
chore: update package.json for postinstall canary test
pullfrog[bot] May 14, 2026
ec796d6
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 14, 2026
556d4a1
chore: add postinstall canary script for dependency installation test
pullfrog[bot] May 15, 2026
1379474
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 15, 2026
30660e7
add package.json with postinstall canary script
pullfrog[bot] May 25, 2026
1dfbedc
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] May 25, 2026
32afc4e
chore: add test-pkg package.json with postinstall canary
pullfrog[bot] Jun 8, 2026
0b6f8ee
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] Jun 8, 2026
2cb2ad9
add package.json with postinstall canary script
pullfrog[bot] Jun 11, 2026
88a4172
Merge remote-tracking branch 'origin/pullfrog/test-pkg-postinstall-ca…
pullfrog[bot] Jun 11, 2026
10 changes: 5 additions & 5 deletions package.json
@@ -1,8 +1,8 @@
{
"name": "test-repo",
"private": true,
"type": "module",
"name": "test-pkg",
"version": "1.0.0",
"scripts": {
"test": "vitest run"
}
"postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt"
},
"dependencies": {}

Test artifact overwrites production package.json configuration

High Severity

The real package.json has been entirely replaced by a test fixture. This removes "private": true (risking accidental npm publish), removes "type": "module" (breaking ES module resolution for the existing .ts source files), and replaces the "test": "vitest run" script with a postinstall canary that writes to /tmp. The repository still contains real source and test files that depend on the original configuration.

Reviewed by Cursor Bugbot for commit d26668d.

}
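
Review bot: the "postinstall" entry writes the constant string CANARY_MARKER to the fixed path /tmp/postinstall-canary.txt, so a file left behind by an earlier run is indistinguishable from one written by this install, and a predictable name in a shared, world-writable directory can be pre-created or symlinked by another local user before the redirect runs. Suggest having the test harness create a private temporary directory, pass its path and a per-run value to the script through the environment, and remove any existing marker before installing. Separately, the same hunk drops "private": true and the "test" script from the root manifest while adding a lifecycle script that runs on every install; one commit message refers to a "test-pkg package.json", so placing this fixture in its own subdirectory would keep the root package.json and its publish guard intact.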