npm · registry.npmjs.org
@askjo/camofox-browser
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 1.11.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "GITHUB_TOKEN" · package/scripts/postinstall.js |
| high | Install-time lifecycle script | postinstall="node scripts/postinstall.js" · package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node scripts/postinstall.js" · package.json |
| medium | Remote Payload | matched "curl " · package/plugins/youtube/post-install.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.11.1 | Review | 77 | 2026-05-24 |
1.11.2 | Review | 77 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @askjo/[email protected]