npm · registry.npmjs.org

@etsoo/smarterp-core

Credential file access: matched ".npmrc"

Why PkgRadar flagged 1.1.48

Severity	Signal	Evidence
high	Credential file access	matched ".npmrc" · package/.github/workflows/main.yml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.1.59`	Low risk	0	2026-06-12
`1.1.58`	Low risk	0	2026-06-12
`1.1.57`	Low risk	0	2026-06-09
`1.1.56`	Low risk	0	2026-06-06
`1.1.55`	Low risk	0	2026-05-31
`1.1.54`	Low risk	0	2026-05-31
`1.1.53`	Low risk	0	2026-05-26
`1.1.52`	Low risk	0	2026-05-26
`1.1.51`	Low risk	0	2026-05-25
`1.1.50`	Low risk	0	2026-05-25
`1.1.49`	Low risk	0	2026-05-25
`1.1.48`	Review	30	2026-05-25
`1.1.47`	Review	30	2026-05-24
`1.1.46`	Review	30	2026-05-24
`1.1.44`	Review	30	2026-05-24
`1.1.45`	Review	30	2026-05-24

Block this in CI

PkgRadar gates @etsoo/smarterp-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @etsoo/[email protected]