npm · registry.npmjs.org

@book000/eslint-config

Credential file access: matched "github_token"

Why PkgRadar flagged 1.14.45

Severity	Signal	Evidence
high	Credential file access	matched "github_token" · package/.github/workflows/release.yml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.14.59`	Low risk	0	2026-06-13
`1.14.58`	Low risk	0	2026-06-12
`1.14.57`	Low risk	0	2026-06-11
`1.14.55`	Low risk	0	2026-06-08
`1.14.54`	Low risk	0	2026-06-07
`1.14.53`	Low risk	0	2026-06-05
`1.14.52`	Low risk	0	2026-06-04
`1.14.51`	Low risk	0	2026-06-02
`1.14.50`	Low risk	0	2026-06-01
`1.14.49`	Low risk	0	2026-05-31
`1.14.48`	Low risk	0	2026-05-30
`1.14.47`	Low risk	0	2026-05-28
`1.14.46`	Low risk	0	2026-05-27
`1.14.45`	Review	30	2026-05-24
`1.14.43`	Review	30	2026-05-24
`1.14.44`	Review	30	2026-05-24

Block this in CI

PkgRadar gates @book000/eslint-config (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @book000/[email protected]