npm · registry.npmjs.org

@bitblit/ratchet-aws

Credential file access: matched ".ssh/"

Why PkgRadar flagged 6.1.199-alpha

Severity	Signal	Evidence
medium	Credential file access	matched ".ssh/" · package/src/ec2/ec2-ratchet.spec.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.0.119-alpha`	Low risk	0	2026-06-19
`4.0.120-alpha`	Low risk	0	2026-06-19
`4.0.121-alpha`	Low risk	0	2026-06-19
`5.1.122-alpha`	Low risk	0	2026-06-19
`6.1.199-alpha`	Review	3	2026-06-19
`6.1.200-alpha`	Review	3	2026-06-19
`6.1.201-alpha`	Review	3	2026-06-19
`6.1.208-alpha`	Review	3	2026-06-19

Block this in CI

PkgRadar gates @bitblit/ratchet-aws (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @bitblit/[email protected]