PkgRadar

npm · registry.npmjs.org

cdk-events-notify

Credential file access: matched ".aws"

Why PkgRadar flagged 2.3.33

SeveritySignalEvidence
highCredential file accessmatched ".aws" · package/function/console-login-event.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.3.53Low risk02026-06-13
2.3.52Low risk02026-06-13
0.2.36Low risk02026-06-13
0.2.37Low risk02026-06-13
0.2.41Low risk02026-06-12
0.2.40Low risk02026-06-12
0.2.35Low risk02026-06-11
0.2.38Low risk02026-06-11
0.2.39Low risk02026-06-11
2.3.51Low risk02026-06-11
2.3.50Low risk02026-06-10
2.3.49Low risk02026-06-09
2.3.48Low risk02026-06-08
2.3.47Low risk02026-06-07
2.3.46Low risk02026-06-06
2.3.45Low risk02026-06-05
2.3.44Low risk02026-06-04
2.3.43Low risk02026-06-03
2.3.42Low risk02026-06-02
2.3.41Low risk02026-06-01
2.3.40Low risk02026-05-31
2.3.39Low risk02026-05-30
2.3.38Low risk02026-05-29
2.3.37Low risk02026-05-28
2.3.36Low risk02026-05-27
2.3.35Low risk02026-05-26
2.3.33Review302026-05-25
2.3.34Review302026-05-25

Block this in CI

PkgRadar gates cdk-events-notify (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence