PkgRadar

npm · registry.npmjs.org

appium-desktop-driver

Credential file access: matched "AWS_ACCESS_KEY"

Why PkgRadar flagged 1.7.2-preview.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 1.7.2-preview.1 vs 1.7.1: "node scripts/postinstall.js" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.0-preview.6Review32026-06-17
2.1.0-preview.9Review32026-06-17
2.1.0-preview.8Review32026-06-17
1.7.2-preview.1High risk602026-06-10
1.8.0-preview.1High risk602026-06-10
2.1.0-preview.4Review62026-06-09
2.1.0-preview.3Review62026-06-09
2.1.0-preview.2Review62026-06-08
1.7.2Review42026-05-28

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates appium-desktop-driver (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence