npm · registry.npmjs.org
@specverse/engine-realize
Credential file access: matched ".AWS"
Why PkgRadar flagged 4.0.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".AWS" · package/libs/instance-factories/tools/templates/mcp/static/src/services/CLIProxyService.ts |
| medium | Remote Payload | matched "curl " · package/libs/instance-factories/tools/templates/mcp/static/scripts/build-enterprise.js |
| medium | Remote Payload | matched "curl " · package/libs/instance-factories/tools/templates/mcp/static/scripts/test-hybrid-simple.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/libs/instance-factories/tools/templates/vscode/static/syntaxes/specverse.tmLanguage.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.0.3 | Review | 54 | 2026-05-24 |
4.0.4 | Review | 54 | 2026-05-24 |
Related campaigns
- cainen — 6 releases, max score 78
Block this in CI
pkgradar gate --ecosystem npm @specverse/[email protected]