npm · registry.npmjs.org

@pingid/prettier-plugin-sort-imports

Credential file access: matched "NPM_TOKEN"

Why PkgRadar flagged 0.0.12

Severity	Signal	Evidence
high	Credential file access	matched "NPM_TOKEN" · package/.github/workflows/publish.yml
medium	Remote Payload	matched "curl " · package/.github/workflows/publish.yml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.13`	Low risk	0	2026-05-28
`0.0.12`	Review	42	2026-05-25
`0.0.10`	Review	42	2026-05-25
`0.0.11`	Review	42	2026-05-25

Related campaigns

Block this in CI

PkgRadar gates @pingid/prettier-plugin-sort-imports (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @pingid/[email protected]