npm · registry.npmjs.org
@luciq/react-native
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 19.6.0-51917-SNAPSHOT
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "GITHUB_TOKEN" · package/scripts/notify-github.sh |
| medium | Obfuscation Density | high encoded/escaped-token density · package/plugin/build/index.js |
| medium | Remote Payload | matched "curl " · package/scripts/releases/get_job_approver.sh |
| medium | Remote Payload | matched "curl " · package/scripts/get-github-app-token.sh |
| medium | Remote Payload | matched "curl " · package/scripts/notify-github.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
19.6.0-51917-SNAPSHOT | Review | 66 | 2026-05-24 |
19.7.0 | Review | 66 | 2026-05-24 |
Related campaigns
- luciq-sdk-bot — 2 releases, max score 87
Block this in CI
pkgradar gate --ecosystem npm @luciq/[email protected]