npm · registry.npmjs.org
jonggrang
Credential file access: matched ".ssh/"
Why PkgRadar flagged 0.10.9
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh/" · package/apis/projects/orchestration-run.js |
| high | Credential file access | matched ".ssh/" · package/lib/sandbox-git.js |
| high | Credential file access | matched "id_rsa" · package/lib/sandbox.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.10.9 | Review | 100 | 2026-06-17 |
0.9.4 | Review | 100 | 2026-06-16 |
0.8.3 | Review | 90 | 2026-06-09 |
0.8.2 | Review | 90 | 2026-06-09 |
0.8.0 | Review | 80 | 2026-06-08 |
0.8.1 | Review | 90 | 2026-06-08 |
0.7.3 | Review | 20 | 2026-06-01 |
0.7.2 | Review | 20 | 2026-05-26 |
0.5.2 | Review | 112 | 2026-05-24 |
0.6.1 | Review | 112 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]