npm · registry.npmjs.org

@deskpro/apps-dpat

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 0.10.6

Severity	Signal	Evidence
high	Credential file access	matched "GITHUB_TOKEN" · package/src/main/javascript/command/dpat-travis.js
high	Remote Dependency Spec	dependencies.babel-plugin-syntax-async-functions="https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz" · package.json
high	Remote Dependency Spec	dependencies.babel-plugin-transform-regenerator="https://registry.npmjs.org/babel-plugin-transform-regenerator/-/babel-plugin-transform-regenerator-6.24.1.tgz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.10.6`	High risk	41	2026-06-04
`0.10.7`	High risk	41	2026-06-04

Block this in CI

PkgRadar gates @deskpro/apps-dpat (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @deskpro/[email protected]