npm · registry.npmjs.org
@moon791017/neo-skills
Credential file access: matched "id_rsa"
Why PkgRadar flagged 1.0.42
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "id_rsa" · package/dist/hooks/secret-guard.js |
| high | Credential file access | matched ".azure" · package/skills/neo-azure-pipelines/templates/deploy/deploy-app-service.yml |
| medium | Large Javascript Payload | 2146140 bytes · package/dist/server.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.8 | Low risk | 0 | 2026-06-11 |
1.1.7 | Low risk | 0 | 2026-05-31 |
1.1.6 | Low risk | 0 | 2026-05-30 |
1.1.5 | Low risk | 0 | 2026-05-29 |
1.1.4 | Low risk | 0 | 2026-05-27 |
1.1.3 | Low risk | 0 | 2026-05-27 |
1.1.2 | Low risk | 0 | 2026-05-25 |
1.1.1 | Low risk | 0 | 2026-05-25 |
1.0.42 | Review | 70 | 2026-05-24 |
1.0.43 | Review | 70 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @moon791017/[email protected]