# @nativescript/core@9.1.0-alpha.7 — Threat Briefing

Critical risk — threat briefing for npm package @nativescript/core@9.1.0-alpha.7. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 9.0.18
- **License:** Apache-2.0

## Risk

- **Level:** critical
- **Summary:** Version published less than 24 hours ago — scanner results may be incomplete

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Postinstall |
| network access | client |
| filesystem | none |
| shell execution | none |

## Capabilities

### Other

- Filesystem read from package directory (info-only) [common]
- External vendor / cloud integration [common]
- VM/sandbox evasion [common]

## Key Signals

- ****
- ****
- ****

## Maintainer


## Recommended Action

Do not install. Review immediately if already in use.