npm · registry.npmjs.org

@kdtix-open/sdlca-bridge

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 0.1.7

Severity	Signal	Evidence
high	Credential file access	matched "GITHUB_TOKEN" · package/bridge/index.js
high	Credential file access	matched "GITHUB_TOKEN" · package/bin/sdlca-bridge.js
medium	Obfuscation Density	high encoded/escaped-token density · package/bin/sdlca-bridge.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.10`	Low risk	0	2026-06-11
`0.1.6`	Low risk	0	2026-06-08
`0.1.9`	Low risk	0	2026-06-08
`0.1.7`	Review	50	2026-05-24
`0.1.8`	Review	50	2026-05-24

Related campaigns

Block this in CI

PkgRadar gates @kdtix-open/sdlca-bridge (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kdtix-open/[email protected]