npm · registry.npmjs.org

@heartlandone/vega-sandbox-pr-2853-5be486a21a6669c34a6346ded24f5552142b7236

Credential file access: matched ".azure"

Why PkgRadar flagged 2.86.0

Severity	Signal	Evidence
high	Credential file access	matched ".azure" · package/dist/esm/index-bfc6dfa2.js
high	Credential file access	matched ".azure" · package/dist/cjs/index-f054eb5d.js
high	Credential file access	matched ".azure" · package/dist/vega/p-5a25014f.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.86.0`	Review	50	2026-05-25

Related campaigns

aprilzhu — 5 releases, max score 249

Block this in CI

PkgRadar gates @heartlandone/vega-sandbox-pr-2853-5be486a21a6669c34a6346ded24f5552142b7236 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @heartlandone/vega-sandbox-pr-2853-5be486a21a6669c34a6346ded24f5552142b7236@2.86.0

Start free — 25 scans / mo View full evidence