npm · registry.npmjs.org
@matyah00/openpi
Credential file access: matched ".ssh"
Why PkgRadar flagged 0.2.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/damage-control-rules.yaml |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/catppuccin-mocha.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/cyberpunk.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/dracula.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/everforest.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/gruvbox.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/midnight-ocean.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/nord.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/ocean-breeze.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/rose-pine.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/synthwave.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/themes/tokyo-night.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.2.0 | Review | 42 | 2026-05-24 |
0.1.5 | Review | 30 | 2026-05-24 |
0.1.4 | Review | 30 | 2026-05-24 |
0.1.2 | Review | 30 | 2026-05-24 |
0.1.3 | Review | 30 | 2026-05-24 |
Related campaigns
- matyah00 — 5 releases, max score 54
Block this in CI
pkgradar gate --ecosystem npm @matyah00/[email protected]