PkgRadar

npm · registry.npmjs.org

@skuba-lib/api

Credential file access: matched ".npmrc"

Why PkgRadar flagged 2.2.0-add-cdk-NodejsFunction-20260613141552

SeveritySignalEvidence
mediumCredential file accessmatched ".npmrc" · package/lib/cdk/nodejsFunction/index.mjs

Scanned versions

VersionVerdictScoreScanned (UTC)
2.2.0-add-cdk-NodejsFunction-20260613141552Review42026-06-13
2.2.0-add-cdk-NodejsFunction-20260613135656Review42026-06-13
2.2.0-add-cdk-NodejsFunction-20260613134315Review42026-06-13
2.2.0-main-20260609014203Low risk02026-06-09
2.2.0-move-cdk-snapshot-normalisation-20260516083104Low risk02026-06-09
2.1.2-patch-import-order-20260513135055Low risk02026-06-09
2.1.2-renovate-execa-9.x-20260513091933Low risk02026-06-09
2.1.2Low risk02026-06-09

Block this in CI

PkgRadar gates @skuba-lib/api (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @skuba-lib/[email protected]
Start free — 25 scans / moView full evidence