PkgRadar

npm · registry.npmjs.org

@jumpgroup/trellis-tools

Credential file access: matched "id_rsa"

Why PkgRadar flagged 8.5.6

SeveritySignalEvidence
mediumCredential file accessmatched "id_rsa" · package/src/aws/ec2/ssh.js
mediumCredential file accessmatched "id_rsa" · package/src/aws/lightsail/sshKeys.js

Scanned versions

VersionVerdictScoreScanned (UTC)
8.5.6Review102026-06-09
8.5.5Review102026-06-05
8.5.3Review102026-06-05
8.5.4Review102026-06-05
8.5.2Review102026-06-05
8.5.1Review102026-06-04
8.5.0Review102026-06-04
8.4.0Review102026-06-04
8.3.0Review102026-05-29
8.3.1Review102026-05-29

Block this in CI

PkgRadar gates @jumpgroup/trellis-tools (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @jumpgroup/[email protected]
Start free — 25 scans / moView full evidence
@jumpgroup/trellis-tools — npm security scan | PkgRadar