npm · registry.npmjs.org

@pocketprep/types

Credential file access: matched "NPM_TOKEN"

Why PkgRadar flagged 1.19.0

Severity	Signal	Evidence
high	Credential file access	matched "NPM_TOKEN" · package/.github/workflows/npm-publish.yml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.19.12`	Low risk	0	2026-06-16
`1.19.11`	Low risk	0	2026-06-15
`1.19.10`	Low risk	0	2026-06-15
`1.19.9`	Low risk	0	2026-06-15
`1.19.8`	Low risk	0	2026-06-08
`1.19.7`	Low risk	0	2026-06-08
`1.19.6`	Low risk	0	2026-06-05
`1.19.5`	Low risk	0	2026-06-04
`1.19.3`	Low risk	0	2026-06-03
`1.19.4`	Low risk	0	2026-06-03
`1.19.2`	Low risk	0	2026-06-02
`1.19.1`	Low risk	0	2026-06-01
`1.19.0`	Review	30	2026-05-25
`1.17.0`	Review	30	2026-05-24
`1.18.1`	Review	30	2026-05-24

Related campaigns

Block this in CI

PkgRadar gates @pocketprep/types (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @pocketprep/[email protected]