npm · registry.npmjs.org

@percepta/create

Credential file access: matched ".npmrc"

Why PkgRadar flagged 4.2.0

Severity	Signal	Evidence
medium	Credential file access	matched ".npmrc" · package/dist/index.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.2.0`	Review	3	2026-06-16
`4.1.16`	Review	3	2026-06-09
`4.1.15`	Review	3	2026-06-09
`4.1.14`	Review	3	2026-06-09
`4.1.13`	Review	3	2026-06-08
`4.1.12`	Review	3	2026-06-08
`4.1.11`	Review	3	2026-06-08
`4.1.10`	Review	3	2026-06-08
`4.1.9`	Review	3	2026-06-06
`4.1.8`	Review	3	2026-06-04
`4.1.7`	Review	3	2026-06-04
`4.1.6`	Review	3	2026-06-04
`4.1.5`	Review	3	2026-06-04
`4.1.4`	Review	3	2026-06-03
`4.1.3`	Review	3	2026-06-03
`4.1.2`	Review	3	2026-06-03
`4.1.1`	Review	3	2026-06-03
`4.1.0`	Review	3	2026-06-02
`4.0.0`	Review	3	2026-06-02
`4.0.1`	Review	3	2026-06-02
`3.6.2`	Review	3	2026-06-02
`3.6.3`	Review	3	2026-06-02

Block this in CI

PkgRadar gates @percepta/create (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @percepta/[email protected]