npm · registry.npmjs.org

i18n-rosetta

Credential file access: matched ".AZURE"

Why PkgRadar flagged 3.3.1

Severity	Signal	Evidence
high	Credential file access	matched ".AZURE" · package/lib/methods/microsoft-translator.js
medium	Remote Payload	matched "github.com/dadap/pIqaD-fonts/releases/download" · package/lib/commands/fonts.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.3.2`	Low risk	0	2026-05-28
`3.3.0`	Low risk	0	2026-05-24
`3.3.1`	Review	42	2026-05-24

Block this in CI

PkgRadar gates i18n-rosetta (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]