PkgRadar

npm · registry.npmjs.org

@bitblit/ratchet-aws-node-only

Credential file access: matched "id_rsa"

Why PkgRadar flagged 5.1.122-alpha

SeveritySignalEvidence
mediumCredential file accessmatched "id_rsa" · package/lib/cli/start-instance-and-ssh.js

Scanned versions

VersionVerdictScoreScanned (UTC)
4.0.119-alphaLow risk02026-06-19
4.0.121-alphaLow risk02026-06-19
4.0.128-alphaLow risk02026-06-19
5.1.122-alphaReview52026-06-19
6.1.199-alphaReview62026-06-19
6.1.200-alphaReview62026-06-19
6.1.201-alphaReview62026-06-19
6.1.208-alphaReview62026-06-19

Block this in CI

PkgRadar gates @bitblit/ratchet-aws-node-only (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @bitblit/[email protected]
Start free — 25 scans / moView full evidence
@bitblit/ratchet-aws-node-only — npm security scan | PkgRadar