PkgRadar

npm · registry.npmjs.org

@kici-dev/compiler

Credential file access: matched ".npmrc"

Why PkgRadar flagged 0.1.18

SeveritySignalEvidence
mediumCredential file accessmatched ".npmrc" · package/dist/commands/hook.js
mediumCredential file accessmatched ".npmrc" · package/dist/commands/init.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.18Review252026-06-17
0.1.17Review252026-06-14
0.1.16Review252026-06-12
0.1.15Review252026-06-11
0.1.14Review172026-05-30
0.1.13Review332026-05-28
0.1.11Review332026-05-27
0.1.12Review332026-05-27
0.1.9Review332026-05-26
0.1.10Review332026-05-26
0.1.6Review332026-05-26
0.1.3Review332026-05-25
0.1.5Review332026-05-25

Block this in CI

PkgRadar gates @kici-dev/compiler (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kici-dev/[email protected]
Start free — 25 scans / moView full evidence