Cargo · crates.io

thirdpass

Credential file access: matched ".npmrc"

Why PkgRadar flagged 0.6.0

Severity	Signal	Evidence
high	Credential file access	matched ".npmrc" · thirdpass-0.6.0/src/review/tool/agent.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.6.0`	High risk	30	2026-06-14
`0.5.0`	High risk	30	2026-06-03
`0.4.3`	High risk	30	2026-05-30

Block this in CI

PkgRadar gates thirdpass (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]