npm · registry.npmjs.org
@purpleschool/rugpt-lib-common
Credential file access: matched "NPM_TOKEN"
Why PkgRadar flagged 0.0.49
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "NPM_TOKEN" · package/.github/workflows/deploy-lib.yml |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.0.62 | Low risk | 0 | 2026-06-09 |
0.0.61 | Low risk | 0 | 2026-06-09 |
0.0.60 | Low risk | 0 | 2026-06-08 |
0.0.59 | Low risk | 0 | 2026-06-07 |
0.0.58 | Low risk | 0 | 2026-06-05 |
0.0.57 | Low risk | 0 | 2026-06-05 |
0.0.56 | Low risk | 0 | 2026-06-05 |
0.0.55 | Low risk | 0 | 2026-06-05 |
0.0.54 | Low risk | 0 | 2026-06-04 |
0.0.53 | Low risk | 0 | 2026-06-04 |
0.0.52 | Low risk | 0 | 2026-05-29 |
0.0.51 | Low risk | 0 | 2026-05-29 |
0.0.49 | Review | 30 | 2026-05-24 |
0.0.50 | Review | 30 | 2026-05-24 |
Related campaigns
- alaricode — 2 releases, max score 30
Block this in CI
pkgradar gate --ecosystem npm @purpleschool/[email protected]