PkgRadar

npm · registry.npmjs.org

@financial-times/n-heroku-tools

Credential file access, Install-time lifecycle script, Obfuscation Density +1 more

Why PkgRadar flagged 13.0.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspackage.json

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
15.0.0Review12026-06-23
13.0.1High risk502026-06-23
14.0.0Review32026-06-23
14.0.1Review32026-06-23

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @financial-times/n-heroku-tools (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @financial-times/[email protected]
Start free — 25 scans / moView full evidence