build

Warn

Audited by Socket on May 7, 2026

1 alert found:

Anomaly: LOW
starter-kits/video-editor/package.json

This package.json mostly contains normal development and build scripts. The primary security concerns are: (1) postinstall can execute a script located outside the package (../shared/scripts/...), which enables potential untrusted code execution if that external path is writable or controlled by an attacker; and (2) the use of the mutable "latest" tag for @cesdk/cesdk-js increases supply-chain risk. No explicit malicious behaviors (reverse shells, telemetry uploads, http-based dependencies, or overrides to non-registry sources) are visible in this file, but you should inspect any external/parent scripts referenced by postinstall and avoid running install in directories where ../shared can be tampered with.

Confidence: 85%
Severity: 60%

Audit Metadata
Analyzed At: May 7, 2026, 12:57 AM
Package URL: pkg:socket/skills-sh/imgly%2Fagent-skills%2Fbuild%2F@716c7adca218ad22ccce1f728b0598508989138a