npm · registry.npmjs.org
npm-scan-plus
Credential file access: matched ".ssh"
Why PkgRadar flagged 1.0.8
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/dist/lib/extended.js |
| high | Credential file access | matched ".ssh" · package/tests/extended.test.js |
| high | Credential file access | matched ".aws" · package/dist/lib/patterns.js |
| high | Credential file access | matched "id_rsa" · package/tests/patterns.test.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/lib/scanner.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/lib/vuln.js |
| high | Credential file access | matched ".ssh" · package/tests/extended.test.ts |
| high | Credential file access | matched ".ssh" · package/src/lib/extended.ts |
| high | Credential file access | matched "id_rsa" · package/tests/patterns.test.ts |
| high | Credential file access | matched ".aws" · package/src/lib/patterns.ts |
| high | Credential file access | matched "GITHUB_TOKEN" · package/src/lib/scanner.ts |
| high | Credential file access | matched "GITHUB_TOKEN" · package/src/lib/vuln.ts |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.1 | Low risk | 0 | 2026-06-05 |
1.1.0 | Low risk | 0 | 2026-06-05 |
1.0.8 | Review | 100 | 2026-05-24 |
1.0.9 | Review | 100 | 2026-05-24 |
Related campaigns
- gsxrchris — 2 releases, max score 240
Block this in CI
pkgradar gate --ecosystem npm [email protected]