npm · registry.npmjs.org

@microsoft/m365-copilot-eval

Credential file access: matched ".ssh/"

Why PkgRadar flagged 1.10.0-preview.1

Severity	Signal	Evidence
medium	Credential file access	matched ".ssh/" · package/src/clients/cli/custom_evaluators/security_scanner.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.10.0-preview.1`	Review	10	2026-06-10
`1.7.0-preview.1`	Low risk	0	2026-06-10
`1.8.0-preview.1`	Low risk	0	2026-05-27
`1.9.0-preview.1`	Low risk	0	2026-05-27

Block this in CI

PkgRadar gates @microsoft/m365-copilot-eval (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @microsoft/[email protected]