PkgRadar

npm · registry.npmjs.org

@cdx-forge/cli

Shell Credential File Read, Credential file access

Why PkgRadar flagged 0.1.0-beta.7

| Severity | Signal | Evidence |
|---|---|---|
| high | Shell Credential File Read | |
| high | Credential file access | |

Showing signal labels only.

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.1.0-beta.7 | High risk | 75 | 2026-06-29 |
| 0.1.0-beta.5 | High risk | 80 | 2026-06-29 |
| 0.1.0-beta.6 | High risk | 80 | 2026-06-29 |
| 0.1.0-beta.4 | High risk | 80 | 2026-06-29 |

Block this in CI

PkgRadar gates @cdx-forge/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @cdx-forge/[email protected]