PkgRadar

npm · registry.npmjs.org

@wayai/cli

Credential file access: matched ".SSH"

Why PkgRadar flagged 0.3.9

Severity | Signal | Evidence
high | Credential file access | matched ".SSH" · package/dist/commands/login.js
medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/lib/skill-version.js

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.3.45 | Low risk | 0 | 2026-06-14
0.3.44 | Low risk | 0 | 2026-06-14
0.3.43 | Low risk | 0 | 2026-06-14
0.3.42 | Low risk | 0 | 2026-06-14
0.3.41 | Low risk | 0 | 2026-06-13
0.3.40 | Low risk | 0 | 2026-06-13
0.3.39 | Low risk | 0 | 2026-06-11
0.3.38 | Low risk | 0 | 2026-06-11
0.3.37 | Low risk | 0 | 2026-06-11
0.3.36 | Low risk | 0 | 2026-06-11
0.3.35 | Low risk | 0 | 2026-06-11
0.3.34 | Low risk | 0 | 2026-06-11
0.3.33 | Low risk | 0 | 2026-06-11
0.3.32 | Low risk | 0 | 2026-06-10
0.3.31 | Low risk | 0 | 2026-06-10
0.3.30 | Low risk | 0 | 2026-06-09
0.3.29 | Low risk | 0 | 2026-06-09
0.3.28 | Low risk | 0 | 2026-06-09
0.3.27 | Low risk | 0 | 2026-06-09
0.3.26 | Low risk | 0 | 2026-06-08
0.3.25 | Low risk | 0 | 2026-06-08
0.3.24 | Low risk | 0 | 2026-06-08
0.3.23 | Low risk | 0 | 2026-06-06
0.3.22 | Low risk | 0 | 2026-06-05
0.3.20 | Low risk | 0 | 2026-06-05
0.3.21 | Low risk | 0 | 2026-06-05
0.3.19 | Low risk | 0 | 2026-06-05
0.3.18 | Low risk | 0 | 2026-06-02
0.3.17 | Low risk | 0 | 2026-06-02
0.3.16 | Low risk | 0 | 2026-06-01
0.3.15 | Low risk | 0 | 2026-05-31
0.3.14 | Low risk | 0 | 2026-05-31
0.3.13 | Low risk | 0 | 2026-05-29
0.3.12 | Low risk | 0 | 2026-05-29
0.3.11 | Low risk | 0 | 2026-05-26
0.3.10 | Low risk | 0 | 2026-05-25
0.3.9 | Review | 42 | 2026-05-24
0.3.7 | Review | 42 | 2026-05-24
0.3.8 | Review | 42 | 2026-05-24

Block this in CI

PkgRadar gates @wayai/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @wayai/[email protected]