npm · registry.npmjs.org
@unimatrix27/ralph-harness
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 1.1.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/lib/fire-launcher.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/bin/ralph-bootstrap-aws.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/bin/ralph-sync-github-pat.js |
| high | Credential file access | matched ".aws" · package/dist/lib/user-data-renderer.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/lib/cloud-init/system-setup.sh |
| medium | Remote Payload | matched "curl " · package/dist/lib/user-data-renderer.js |
| medium | Remote Payload | matched "curl " · package/lib/cloud-init/system-setup.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.1 | Review | 104 | 2026-05-24 |
1.0.4 | Review | 104 | 2026-05-24 |
1.1.0 | Review | 104 | 2026-05-24 |
Related campaigns
- unimatrix28 — 3 releases, max score 104
Block this in CI
pkgradar gate --ecosystem npm @unimatrix27/[email protected]