Redacted warning

OpenCode was stopped before running a malicious postinstall script

A redacted example of a supply-chain attack via npm install.

Redacted for safety: no raw prompt, local path, secret, or private workspace detail is shown.

What tried to happen: OpenCode attempted to install a package with a postinstall script that reads .env files.

Why risky: Postinstall scripts run automatically during npm install, with the installing user's privileges, before anyone has reviewed the code.

What Guard did: HOL Guard paused the install and showed the script contents.

Safe next step

Review postinstall scripts before allowing installs. Pin dependencies to known-good versions.
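As an added example (not HOL Guard's own code), here is a pre-install check in the spirit of the step above: it reads a package manifest, lists the npm lifecycle hooks that would run during install, flags hooks that touch .env or environment data, and reports dependencies that are not pinned to an exact version. The sample manifest and the heuristic patterns are constructed for illustration.

```javascript
// Lifecycle hooks npm runs automatically during install, with no review step.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Constructed heuristics a reviewer wants surfaced before allowing a hook to run.
// This is an illustrative list, not a complete definition of malicious behaviour.
const SUSPICIOUS = [/\.env\b/, /process\.env/, /\b(curl|wget)\s/, /\bfetch\(/, /base64/i];

// Inspect a parsed package.json object. Returns the hooks found (with the
// patterns each one matched), whether any hook looks suspicious, the
// dependencies whose version spec is a range rather than an exact pin, and
// a single allow/deny verdict for the install.
function inspectManifest(pkg) {
  const hooks = [];
  for (const name of LIFECYCLE_HOOKS) {
    const cmd = pkg.scripts && pkg.scripts[name];
    if (typeof cmd !== "string") continue;
    const flags = SUSPICIOUS.filter((re) => re.test(cmd)).map((re) => re.source);
    hooks.push({ name, cmd, flags });
  }

  const unpinned = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [dep, spec] of Object.entries(pkg[field] || {})) {
      // A known-good pin is an exact version such as 7.6.0; ^, ~, >=, * and
      // tags like "latest" let the registry choose a newer, unreviewed release.
      if (!/^\d+\.\d+\.\d+$/.test(spec)) unpinned.push(`${dep}@${spec}`);
    }
  }

  const suspicious = hooks.some((h) => h.flags.length > 0);
  return { hooks, suspicious, unpinned, allow: !suspicious && unpinned.length === 0 };
}

// Constructed sample manifest modelled on the incident above: a postinstall
// hook that reads .env, plus one pinned and one range-specified dependency.
const SAMPLE_MANIFEST = {
  name: "example-dep",
  version: "1.0.0",
  scripts: { postinstall: "node -e \"require('fs').readFileSync('.env','utf8')\"" },
  dependencies: { lodash: "^4.17.21", semver: "7.6.0" },
};

console.log(JSON.stringify(inspectManifest(SAMPLE_MANIFEST), null, 2));
```

npm's own `ignore-scripts=true` setting (in `.npmrc`, or `npm install --ignore-scripts`) stops lifecycle hooks from running at all; a check like this one is for deciding which hooks, if any, to allow.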