npm · registry.npmjs.org
@coder/nbin
Credential File Packaged: package/lib/node/deps/node-inspect/.npmrc
Why PkgRadar flagged 1.2.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential File Packaged | package/lib/node/deps/node-inspect/.npmrc · package/lib/node/deps/node-inspect/.npmrc |
| high | Credential File Packaged | package/lib/node/deps/npm/test/fixtures/config/.npmrc · package/lib/node/deps/npm/test/fixtures/config/.npmrc |
| medium | Remote Payload | matched "wget " · package/lib/node/deps/v8/tools/fuzz-harness.sh |
| medium | Remote Payload | matched "curl " · package/lib/node/deps/v8/third_party/jinja2/get_jinja2.sh |
| medium | Remote Payload | matched "curl " · package/lib/node/deps/v8/third_party/markupsafe/get_markupsafe.sh |
| medium | Remote Payload | matched "wget " · package/lib/node/deps/v8/tools/jsfunfuzz/fuzz-harness.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.2.3 | High risk | 82 | 2026-06-11 |
1.2.6 | High risk | 82 | 2026-06-11 |
1.2.7 | Low risk | 0 | 2026-06-11 |
1.2.5 | High risk | 82 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem npm @coder/[email protected]