npm · registry.npmjs.org
@common-stack/generate-plugin
Credential file access: matched ".npmrc"
Early detection
PkgRadar flagged this 15.3 days before public disclosure
Detected 2026-05-26 · disclosed as MAL-2026-5546 on 2026-06-11
Why PkgRadar flagged 9.0.6-alpha.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Credential file access | matched ".npmrc" · package/lib/utils/copyDotfiles.mjs |
| medium | Credential file access | matched ".npmrc" · package/lib/generators/add-fullstack/updates/npmAuthSetup.mjs |
| medium | Credential file access | matched ".npmrc" · package/src/utils/copyDotfiles.ts |
| medium | Credential file access | matched ".npmrc" · package/src/generators/add-fullstack/updates/npmAuthSetup.ts |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
9.0.6-alpha.1 | Review | 25 | 2026-06-08 |
9.0.6-alpha.0 | Review | 25 | 2026-06-08 |
10.0.1-alpha.0 | Review | 25 | 2026-06-04 |
9.0.5-alpha.5 | Review | 25 | 2026-06-04 |
9.0.5-alpha.4 | Review | 25 | 2026-06-04 |
9.0.5-alpha.3 | Review | 25 | 2026-06-04 |
9.0.5-alpha.1 | Review | 25 | 2026-06-04 |
9.0.5-alpha.2 | Review | 25 | 2026-06-04 |
9.0.5-alpha.0 | Review | 25 | 2026-06-04 |
9.0.4-alpha.5 | Review | 25 | 2026-06-01 |
9.0.4-alpha.4 | Review | 25 | 2026-05-29 |
9.0.4-alpha.3 | Review | 25 | 2026-05-28 |
9.0.4-alpha.2 | Review | 25 | 2026-05-28 |
9.0.4-alpha.1 | Review | 25 | 2026-05-27 |
9.0.4-alpha.0 | Review | 25 | 2026-05-26 |
9.0.2-alpha.24 | Review | 25 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem npm @common-stack/[email protected]