npm · registry.npmjs.org

@supplycart-my/ui

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 3.0.6

Severity	Signal	Evidence
high	Credential file access	matched "GITHUB_TOKEN" · package/.github/workflows/pr-check.yml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.0.6`	Review	30	2026-05-25
`3.0.7`	Review	30	2026-05-25

Block this in CI

PkgRadar gates @supplycart-my/ui (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @supplycart-my/[email protected]