PkgRadar

npm · registry.npmjs.org

@vucinatim/agentic-devtools

Credential file access: matched ".npmrc"

Why PkgRadar flagged 0.2.4

SeveritySignalEvidence
mediumCredential file accessmatched ".npmrc" · package/src/tools/npm/auth.mjs
mediumCredential file accessmatched "NPM_TOKEN" · package/src/tools/npm/client.mjs
mediumCredential file accessmatched ".npmrc" · package/src/tools/npm/trust-cli.mjs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.4Review142026-05-25
0.2.5Review142026-05-25
0.2.2Review142026-05-25
0.2.3Review142026-05-25
0.1.11Review552026-05-25
0.1.9Review552026-05-25
0.1.10Review552026-05-25

Block this in CI

PkgRadar gates @vucinatim/agentic-devtools (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vucinatim/[email protected]
Start free — 25 scans / moView full evidence