PkgRadar

npm · registry.npmjs.org

@ductape/sdk

Credential file access: matched ".AWS"

Why PkgRadar flagged 0.1.12

SeveritySignalEvidence
highCredential file accessmatched ".AWS" · package/dist/brokers/utils/broker.util.js
highCredential file accessmatched ".AWS" · package/dist/brokers/brokers.service.js
highCredential file accessmatched ".AWS" · package/dist/products/validators/joi-validators/create.productStorage.validator.js
highCredential file accessmatched ".AWS" · package/dist/products/utils/functions.utils.js
highCredential file accessmatched ".AWS" · package/dist/processor/services/processor.service.js
highCredential file accessmatched ".AWS" · package/dist/products/services/products.service.js
highCredential file accessmatched ".AWS" · package/dist/storage/storage-cloud-link.util.js
highCredential file accessmatched ".AWS" · package/dist/storage/storage.service.js
highCredential file accessmatched ".AWS" · package/dist/processor/utils/storage.util.js
highCredential file accessmatched ".AWS" · package/dist/storage/utils/storage.util.js
highCredential file accessmatched ".aws" · package/package.json
mediumRemote Payloadmatched "cUrl " · package/dist/brokers/brokers.service.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.17Low risk02026-06-12
0.1.16Low risk02026-06-12
0.1.14Low risk02026-06-09
0.1.13Low risk02026-06-08
0.1.12Review922026-05-25
0.1.10Review922026-05-24
0.1.11Review922026-05-24

Related campaigns

Block this in CI

PkgRadar gates @ductape/sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @ductape/[email protected]
Start free — 25 scans / moView full evidence