PkgRadar

npm · registry.npmjs.org

@ashsec/copilot-api

Credential file access: matched "github_token"

Why PkgRadar flagged 0.11.13

SeveritySignalEvidence
mediumCredential file accessmatched "github_token" · package/dist/main.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.11.13Review102026-06-11
0.12.3Review102026-06-11
0.18.0Review102026-06-11
1.0.0Review102026-06-11

Block this in CI

PkgRadar gates @ashsec/copilot-api (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @ashsec/[email protected]
Start free — 25 scans / moView full evidence