npm · registry.npmjs.org

eslint-config-expo-magic

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 2.5.2

Severity	Signal	Evidence
high	Credential file access	matched "GITHUB_TOKEN" · package/utils/pr-guardrails.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.2.0`	Low risk	0	2026-06-08
`2.3.0`	Low risk	0	2026-06-08
`2.4.0`	Low risk	0	2026-06-08
`2.5.2`	Review	9	2026-06-08

Block this in CI

PkgRadar gates eslint-config-expo-magic (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]