npm · registry.npmjs.org

@wallet-ui/react

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 4.1.1-canary-20260519210405

Severity	Signal	Evidence
high	Credential file access	matched "GITHUB_TOKEN" · package/package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.2.0-canary-20260603190457`	Low risk	0	2026-06-03
`4.2.0`	Low risk	0	2026-06-03
`4.2.0-canary-20260602204251`	Low risk	0	2026-06-02
`4.2.0-canary-20260602194314`	Low risk	0	2026-06-02
`4.1.1-canary-20260525184219`	Low risk	0	2026-05-25
`4.1.1`	Low risk	0	2026-05-25
`4.1.1-canary-20260519210405`	Review	30	2026-05-25
`4.1.1-canary-20260525011944`	Review	30	2026-05-25

Block this in CI

PkgRadar gates @wallet-ui/react (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @wallet-ui/[email protected]