npm · registry.npmjs.org

@emilgroup/document-uploader

Credential file access: matched ".npmrc"

Why PkgRadar flagged 0.0.10

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.0.10 vs 0.0.9: "node index.js" · package.json
medium	Credential file access	matched ".npmrc" · package/index.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.8`	Low risk	0	2026-06-16
`0.0.9`	Low risk	0	2026-06-16
`1.0.0`	Low risk	0	2026-06-16
`0.0.10`	High risk	55	2026-06-16

Campaign attribution

Block this in CI

PkgRadar gates @emilgroup/document-uploader (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @emilgroup/[email protected]