npm · registry.npmjs.org

@qwen-code/qwen-code

Credential file access: matched "AWS_ACCESS_KEY"

Why PkgRadar flagged 0.18.3-preview.0

Severity	Signal	Evidence
medium	Credential file access	matched "AWS_ACCESS_KEY" · package/chunks/chunk-55ZMG67I.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.18.3-preview.0`	Review	7	2026-06-17
`0.18.2`	Review	7	2026-06-17
`0.18.1-preview.1`	Review	3	2026-06-17
`0.18.1-preview.0`	Review	3	2026-06-16
`0.18.1-nightly.20260616.a68b2e1e7`	Review	7	2026-06-16
`0.18.1`	Review	7	2026-06-15
`0.18.0`	Review	7	2026-06-12
`0.18.0-preview.2`	Review	7	2026-06-11
`0.18.0-preview.1`	Review	7	2026-06-09
`0.18.0-preview.0`	Review	5	2026-06-09
`0.17.1-nightly.20260608.aea34fa2c`	Review	5	2026-06-08
`0.17.1-nightly.20260607.cef26a86a`	Review	5	2026-06-07
`0.17.1-nightly.20260606.16c1d9a5a`	Review	5	2026-06-06
`0.17.1-nightly.20260605.715266537`	Review	5	2026-06-05
`0.17.1-nightly.20260604.16dd99fa3`	Review	5	2026-06-04
`0.17.1`	Review	5	2026-06-03
`0.17.0-preview.0`	Review	2	2026-06-03
`0.17.0-nightly.20260602.cea15a118`	Review	2	2026-06-03
`0.17.0-nightly.20260603.68408c30c`	Review	2	2026-06-03
`0.17.0-nightly.20260601.1c48e4121`	Review	2	2026-06-01
`0.17.0-nightly.20260531.c699738f9`	Review	2	2026-05-31
`0.17.0-nightly.20260530.c699738f9`	Review	2	2026-05-30
`0.17.0`	Review	2	2026-05-29
`0.16.1-nightly.20260529.7bed56b9b`	Review	2	2026-05-29
`0.16.1-nightly.20260528.34b7d472e`	Review	29	2026-05-28
`0.16.2`	Review	41	2026-05-27
`0.16.1-nightly.20260527.641a1a739`	Review	29	2026-05-27
`0.16.1-preview.0`	Review	29	2026-05-27
`0.16.1-nightly.20260526.e8b79d772`	Review	29	2026-05-26
`0.16.1-nightly.20260524.84f408017`	Review	174	2026-05-25
`0.16.1-nightly.20260525.84f408017`	Review	174	2026-05-25

Block this in CI

PkgRadar gates @qwen-code/qwen-code (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @qwen-code/[email protected]