PkgRadar

npm · registry.npmjs.org

@sassoftware/registerclient

Credential File Packaged: package/.env

Why PkgRadar flagged 6.2.2

SeveritySignalEvidence
highCredential File Packagedpackage/.env · package/.env
mediumRemote Payloadmatched "curl " · package/restaf/pwlogon.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
6.2.2High risk232026-06-10
6.2.0High risk232026-06-10
4.4.0High risk172026-06-10
5.0.0High risk172026-06-10
6.0.0High risk172026-06-10
6.1.0High risk172026-06-10

Block this in CI

PkgRadar gates @sassoftware/registerclient (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @sassoftware/[email protected]
Start free — 25 scans / moView full evidence