npm · registry.npmjs.org

@aws-sdk/client-kms

Shell Credential File Read

Why PkgRadar flagged 3.1075.0

Severity	Signal	Evidence
high	Shell Credential File Read	package/dist-cjs/index.js

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.1075.0`	High risk	13	2026-06-23
`3.1074.0`	Low risk	0	2026-06-22
`3.1073.0`	Low risk	0	2026-06-19
`3.1072.0`	Low risk	0	2026-06-18
`3.1071.0`	Low risk	0	2026-06-17
`3.1070.0`	Low risk	0	2026-06-16
`3.1069.0`	Low risk	0	2026-06-15
`3.1068.0`	Low risk	0	2026-06-12
`3.1067.0`	Low risk	0	2026-06-11
`3.1066.0`	Low risk	0	2026-06-10
`3.1065.0`	Low risk	0	2026-06-10
`3.1064.0`	Low risk	0	2026-06-08
`3.1063.0`	Low risk	0	2026-06-05
`3.1062.0`	Low risk	0	2026-06-04
`3.1061.0`	Low risk	0	2026-06-03
`3.1060.0`	Low risk	0	2026-06-03
`3.1059.0`	Low risk	0	2026-06-02
`3.1058.0`	Low risk	0	2026-06-01
`3.1057.0`	Low risk	0	2026-05-29
`3.1056.0`	Low risk	0	2026-05-28
`3.1055.0`	Low risk	0	2026-05-27
`3.1054.0`	Low risk	0	2026-05-27
`3.1053.0`	Low risk	0	2026-05-27

Block this in CI

PkgRadar gates @aws-sdk/client-kms (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @aws-sdk/[email protected]