npm · registry.npmjs.org
jfrog-cli-v2-jf
Credential file access: matched ".npmrc"
Why PkgRadar flagged 2.49.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Credential file access | matched ".npmrc" · package/node-v8.11.1-linux-x64/lib/node_modules/npm/lib/config/core.js |
| medium | Credential file access | matched ".npmrc" · package/node-v8.11.1-linux-x64/lib/node_modules/npm/lib/config/defaults.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.49.1 | Review | 15 | 2026-06-10 |
2.49.2 | Review | 15 | 2026-06-10 |
2.108.0 | Review | 2 | 2026-06-10 |
2.49.0 | Review | 15 | 2026-06-10 |
2.107.0 | Review | 2 | 2026-06-03 |
2.106.0 | Review | 2 | 2026-06-01 |
2.104.1 | Review | 2 | 2026-05-30 |
2.105.0 | Review | 2 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]