PkgRadar

npm · registry.npmjs.org

@wallet-ui/core

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 4.1.1-canary-20260519210405

SeveritySignalEvidence
highCredential file accessmatched "GITHUB_TOKEN" · package/package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
4.2.0-canary-20260603190457Low risk02026-06-03
4.2.0Low risk02026-06-03
4.2.0-canary-20260602204251Low risk02026-06-02
4.2.0-canary-20260602194314Low risk02026-06-02
4.1.1-canary-20260525184219Low risk02026-05-25
4.1.1Low risk02026-05-25
4.1.1-canary-20260519210405Review302026-05-25
4.1.1-canary-20260525011944Review302026-05-25

Block this in CI

PkgRadar gates @wallet-ui/core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @wallet-ui/[email protected]
Start free — 25 scans / moView full evidence