npm · registry.npmjs.org
nexus-prime
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 7.9.30
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/engines/github-bridge.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/engines/guardrails-bridge.js |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"const fs=require('fs'); const cleanup='dist/postinstall/cleanup.js'; if (fs.existsSync(cleanup)) { import('./'+cleanup).catch(()=>{}); } const p='dist/postinstall-bootstrap.js'; if (fs.existsSync(p)) { import('./'+p); }\"" · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/engines/guardrails-bridge.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 7.9.30 | High risk | 97 | 2026-06-13 |
| 7.9.29 | High risk | 97 | 2026-06-13 |
| 7.9.28 | High risk | 97 | 2026-06-10 |
| 7.9.26 | High risk | 97 | 2026-06-10 |
| 7.9.27 | High risk | 97 | 2026-06-10 |
| 7.9.25 | High risk | 67 | 2026-06-10 |
| 7.9.31 | High risk | 67 | 2026-06-10 |
| 7.9.33 | High risk | 67 | 2026-06-10 |
| 7.9.24 | High risk | 67 | 2026-06-10 |
| 7.9.23 | High risk | 97 | 2026-06-10 |
| 7.10.0 | Review | 5 | 2026-06-04 |
| 7.9.40 | Review | 3 | 2026-06-03 |
| 7.9.39 | Review | 3 | 2026-06-02 |
| 7.9.38 | Review | 3 | 2026-06-02 |
| 7.9.37 | Review | 3 | 2026-06-02 |
| 7.9.36 | Review | 5 | 2026-06-01 |
| 7.9.34 | Review | 3 | 2026-06-01 |
| 7.9.35 | Review | 5 | 2026-06-01 |
Campaign attribution
Related campaigns
- adarsh.agrahari26 — 8 releases, max score 130
Block this in CI
pkgradar gate --ecosystem npm [email protected]