npm · registry.npmjs.org

@heartlandone/vega-sandbox-pr-2962-8b1551df2cf3a2e150c5ce2bb305271bf7ac3934

Credential file access: matched ".azure"

Why PkgRadar flagged 2.85.0

Severity	Signal	Evidence
high	Credential file access	matched ".azure" · package/dist/esm/index-bfc6dfa2.js
high	Credential file access	matched ".azure" · package/dist/cjs/index-f054eb5d.js
high	Credential file access	matched ".azure" · package/dist/vega/p-5a25014f.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.85.0`	Review	50	2026-05-25

Related campaigns

aprilzhu — 5 releases, max score 249

Block this in CI

PkgRadar gates @heartlandone/vega-sandbox-pr-2962-8b1551df2cf3a2e150c5ce2bb305271bf7ac3934 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @heartlandone/vega-sandbox-pr-2962-8b1551df2cf3a2e150c5ce2bb305271bf7ac3934@2.85.0

Start free — 25 scans / mo View full evidence