npm · registry.npmjs.org

@expiren/opencode-antigravity-auth

Credential file access: matched ".SSH"

Why PkgRadar flagged 1.6.18

Severity	Signal	Evidence
high	Credential file access	matched ".SSH" · package/dist/index.js
high	Credential file access	matched ".SSH" · package/dist/src/plugin.js
high	Credential file access	matched ".SSH" · package/dist/src/plugin/server.js
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/index.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.6.95`	Low risk	0	2026-06-13
`1.6.94`	Low risk	0	2026-06-13
`1.6.93`	Low risk	0	2026-06-13
`1.6.92`	Low risk	0	2026-06-12
`1.6.91`	Low risk	0	2026-06-12
`1.6.90`	Low risk	0	2026-06-12
`1.6.89`	Low risk	0	2026-06-12
`1.6.88`	Low risk	0	2026-06-12
`1.6.87`	Low risk	0	2026-06-12
`1.6.86`	Low risk	0	2026-06-12
`1.6.85`	Low risk	0	2026-06-12
`1.6.84`	Low risk	0	2026-06-12
`1.6.83`	Low risk	0	2026-06-12
`1.6.82`	Low risk	0	2026-06-12
`1.6.81`	Low risk	0	2026-06-12
`1.6.80`	Low risk	0	2026-06-08
`1.6.79`	Low risk	0	2026-06-07
`1.6.78`	Low risk	0	2026-06-07
`1.6.77`	Low risk	0	2026-06-07
`1.6.76`	Low risk	0	2026-06-07
`1.6.75`	Low risk	0	2026-06-07
`1.6.74`	Low risk	0	2026-06-06
`1.6.73`	Low risk	0	2026-06-06
`1.6.72`	Low risk	0	2026-06-06
`1.6.71`	Low risk	0	2026-06-06
`1.6.70`	Low risk	0	2026-06-06
`1.6.69`	Low risk	0	2026-06-06
`1.6.68`	Low risk	0	2026-06-06
`1.6.67`	Low risk	0	2026-06-06
`1.6.66`	Low risk	0	2026-06-05
`1.6.65`	Low risk	0	2026-06-05
`1.6.64`	Low risk	0	2026-06-05
`1.6.63`	Low risk	0	2026-06-05
`1.6.62`	Low risk	0	2026-06-05
`1.6.61`	Low risk	0	2026-06-05
`1.6.60`	Low risk	0	2026-06-04
`1.6.59`	Low risk	0	2026-06-04
`1.6.58`	Low risk	0	2026-06-04
`1.6.57`	Low risk	0	2026-06-04
`1.6.56`	Low risk	0	2026-06-04
`1.6.55`	Low risk	0	2026-06-04
`1.6.54`	Low risk	0	2026-06-04
`1.6.53`	Low risk	0	2026-06-03
`1.6.51`	Low risk	0	2026-06-01
`1.6.52`	Low risk	0	2026-06-01
`1.6.49`	Low risk	0	2026-06-01
`1.6.48`	Low risk	0	2026-06-01
`1.6.47`	Low risk	0	2026-06-01
`1.6.46`	Low risk	0	2026-06-01
`1.6.45`	Low risk	0	2026-06-01
`1.6.44`	Low risk	0	2026-06-01
`1.6.43`	Low risk	0	2026-06-01
`1.6.42`	Low risk	0	2026-06-01
`1.6.41`	Low risk	0	2026-06-01
`1.6.40`	Low risk	0	2026-05-31
`1.6.38`	Low risk	0	2026-05-31
`1.6.39`	Low risk	0	2026-05-31
`1.6.37`	Low risk	0	2026-05-31
`1.6.36`	Low risk	0	2026-05-31
`1.6.35`	Low risk	0	2026-05-31
`1.6.34`	Low risk	0	2026-05-30
`1.6.33`	Low risk	0	2026-05-30
`1.6.32`	Low risk	0	2026-05-29
`1.6.31`	Low risk	0	2026-05-29
`1.6.30`	Low risk	0	2026-05-29
`1.6.29`	Low risk	0	2026-05-28
`1.6.28`	Low risk	0	2026-05-28
`1.6.27`	Low risk	0	2026-05-27
`1.6.26`	Low risk	0	2026-05-27
`1.6.20`	Low risk	0	2026-05-26
`1.6.19`	Low risk	0	2026-05-26
`1.6.18`	Review	50	2026-05-25
`1.6.17`	Review	50	2026-05-25

Related campaigns

expiren — 2 releases, max score 80

Block this in CI

PkgRadar gates @expiren/opencode-antigravity-auth (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @expiren/[email protected]

Start free — 25 scans / mo View full evidence