npm · registry.npmjs.org
@untemps/react-vocal
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 1.7.37
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "GITHUB_TOKEN" · package/.github/workflows/publish.yml |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.0.0-beta.37 | Low risk | 0 | 2026-06-02 |
2.0.0-beta.36 | Low risk | 0 | 2026-06-02 |
2.0.0-beta.35 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.34 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.33 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.32 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.31 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.30 | Low risk | 0 | 2026-05-31 |
2.0.0-beta.28 | Low risk | 0 | 2026-05-29 |
2.0.0-beta.29 | Low risk | 0 | 2026-05-29 |
2.0.0-beta.26 | Low risk | 0 | 2026-05-28 |
2.0.0-beta.24 | Low risk | 0 | 2026-05-27 |
2.0.0-beta.25 | Low risk | 0 | 2026-05-27 |
2.0.0-beta.21 | Low risk | 0 | 2026-05-26 |
2.0.0-beta.20 | Low risk | 0 | 2026-05-26 |
2.0.0-beta.19 | Low risk | 0 | 2026-05-25 |
2.0.0-beta.18 | Low risk | 0 | 2026-05-25 |
2.0.0-beta.17 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.16 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.15 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.14 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.13 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.12 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.11 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.10 | Low risk | 0 | 2026-05-24 |
2.0.0-beta.9 | Low risk | 0 | 2026-05-24 |
1.7.37 | Review | 30 | 2026-05-24 |
2.0.0-beta.8 | Low risk | 0 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @untemps/[email protected]