npm · registry.npmjs.org
harness-init
Credential file access: matched "id_rsa"
Why PkgRadar flagged 1.2.6
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "id_rsa" · package/.claude/profiles/acceptEdits.json |
| high | Credential file access | matched ".aws" · package/.claude/profiles/bypassPermissions.json |
| high | Credential file access | matched "id_rsa" · package/.claude/profiles/default.json |
| high | Credential file access | matched "id_rsa" · package/.claude/profiles/plan.json |
| high | Credential file access | matched "id_rsa" · package/.claude/settings.json |
| medium | Remote Payload | matched "curl " · package/.claude/profiles/acceptEdits.json |
| medium | Remote Payload | matched "curl " · package/.claude/profiles/default.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/.claude/profiles/plan.json |
| medium | Remote Payload | matched "curl " · package/.claude/settings.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.2.6 | Review | 116 | 2026-05-24 |
1.2.7 | Review | 116 | 2026-05-24 |
Related campaigns
- eugene.eee.iskra — 2 releases, max score 116
Block this in CI
pkgradar gate --ecosystem npm [email protected]