npm · registry.npmjs.org

cumora

Credential file access: matched ".ssh"

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.124`	Low risk	0	2026-06-15
`0.1.123`	Low risk	0	2026-06-12
`0.1.122`	Low risk	0	2026-06-09
`0.1.121`	Low risk	0	2026-06-06
`0.1.120`	Low risk	0	2026-06-04
`0.1.119`	Low risk	0	2026-06-03
`0.1.106`	Low risk	0	2026-06-02
`0.1.105`	Low risk	0	2026-06-01
`0.1.102`	Low risk	0	2026-06-01
`0.1.101`	Low risk	0	2026-06-01
`0.1.100`	Low risk	0	2026-05-30
`0.1.99`	Low risk	0	2026-05-30
`0.1.98`	Low risk	0	2026-05-29
`0.1.96`	Low risk	0	2026-05-29
`0.1.97`	Low risk	0	2026-05-29
`0.1.94`	Low risk	0	2026-05-29
`0.1.93`	Low risk	0	2026-05-29
`0.1.92`	Low risk	0	2026-05-29
`0.1.91`	Low risk	0	2026-05-29
`0.1.90`	Low risk	0	2026-05-28
`0.1.89`	Low risk	0	2026-05-28
`0.1.76`	Review	5	2026-05-28
`0.1.78`	Review	5	2026-05-28
`0.1.73`	Review	3	2026-05-27
`0.1.74`	Review	3	2026-05-27
`0.1.64`	Review	3	2026-05-26
`0.1.66`	Review	3	2026-05-26
`0.1.52`	Review	3	2026-05-26
`0.1.51`	Review	5	2026-05-25
`0.1.50`	Review	5	2026-05-25
`0.1.48`	Review	5	2026-05-25
`0.1.49`	Review	5	2026-05-25
`0.1.45`	Review	5	2026-05-25
`0.1.46`	Review	5	2026-05-25
`0.1.43`	Review	5	2026-05-25
`0.1.42`	Review	5	2026-05-25
`0.1.41`	Review	5	2026-05-25
`0.1.40`	Low risk	0	2026-05-25

Block this in CI

PkgRadar gates cumora (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]