npm · registry.npmjs.org
@florianpat/lando-core
Known Indicator Filename: package/node_modules/@sigstore/bundle/dist/bundle.js
Why PkgRadar flagged 3.26.3-1florianPat.15
| Severity | Signal | Evidence |
|---|---|---|
| high | Known Indicator Filename | package/node_modules/@sigstore/bundle/dist/bundle.js · package/node_modules/@sigstore/bundle/dist/bundle.js |
| high | Known Indicator Filename | package/node_modules/@sigstore/sign/dist/bundler/bundle.js · package/node_modules/@sigstore/sign/dist/bundler/bundle.js |
| high | Credential file access | matched ".ssh" · package/builders/_lando.js |
| high | Credential file access | matched ".ssh" · package/hooks/app-check-ssh-keys.js |
| high | Credential file access | matched ".ssh" · package/node_modules/@npmcli/arborist/lib/consistent-resolve.js |
| high | Credential file access | matched ".ssh" · package/node_modules/@npmcli/arborist/lib/dep-valid.js |
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/node_modules/@npmcli/agent/lib/dns.js |
| high | DNS / OAST exfiltration | matched "dns.resolve" · package/node_modules/retry/example/dns.js |
| high | Credential file access | matched ".ssh" · package/node_modules/node-forge/dist/forge.all.min.js |
| high | Credential file access | matched ".ssh" · package/node_modules/node-forge/dist/forge.min.js |
| high | Credential file access | matched ".ssh" · package/node_modules/pacote/lib/git.js |
| high | Credential file access | matched "id_rsa" · package/sources/github.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 3.26.3-1florianPat.15 | Review | 340 | 2026-05-24 |
| 3.26.5-1florianPat.0 | Review | 340 | 2026-05-24 |
Related campaigns
- known_indicator_filename:package/node_modules/@sigstore/sign/dist/bundler/bundle.js — 4 releases, max score 1437
- known_indicator_filename:package/node_modules/@sigstore/bundle/dist/bundle.js — 4 releases, max score 1437
Block this in CI
pkgradar gate --ecosystem npm @florianpat/[email protected]