npm · registry.npmjs.org
fengming
Credential file access: matched ".npmrc"
Why PkgRadar flagged 0.3.0
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | preinstall added in 0.3.0 vs 0.2.3: "node scripts/preinstall-package-manager-warning.mjs" · package.json |
| high | New Lifecycle Script Vs Previous | postinstall added in 0.3.0 vs 0.2.3: "node scripts/postinstall-bundled-plugins.mjs" · package.json |
| medium | Credential file access | matched ".npmrc" · package/dist/install-package-dir-BaLgZ1Gi.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-install-env-BI2gqTE-.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-managed-root-Dy2ZayPZ.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.3.0 | High risk | 145 | 2026-06-10 |
0.3.11 | Review | 42 | 2026-06-05 |
0.3.9 | Review | 49 | 2026-06-05 |
0.3.10 | Review | 49 | 2026-06-05 |
0.3.7 | Review | 49 | 2026-06-04 |
0.3.8 | Review | 49 | 2026-06-04 |
0.3.6 | Review | 7 | 2026-06-04 |
0.3.5 | Review | 65 | 2026-06-03 |
0.3.3 | Review | 65 | 2026-06-02 |
0.3.4 | Review | 65 | 2026-06-02 |
0.3.2 | Review | 65 | 2026-06-02 |
0.3.1 | Review | 65 | 2026-06-02 |
0.2.2 | Review | 65 | 2026-06-01 |
0.2.3 | Review | 55 | 2026-06-01 |
0.2.0 | Review | 65 | 2026-06-01 |
0.1.1 | Review | 65 | 2026-06-01 |
0.1.0 | Review | 65 | 2026-06-01 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm [email protected]