npm · registry.npmjs.org

practical-exam

Credential file access: matched ".aws"

Why PkgRadar flagged 1.0.0

Severity	Signal	Evidence
high	Credential file access	matched ".aws" · package/backend-project/node_modules/aws-ssl-profiles/lib/profiles/ca/defaults.js
high	Credential file access	matched ".aws" · package/backend-project/node_modules/aws-ssl-profiles/lib/profiles/ca/proxies.js
high	Credential file access	matched "GITHUB_TOKEN" · package/backend-project/node_modules/undefsafe/.github/workflows/release.yml
medium	Remote Payload	matched "raw.githubusercontent.com" · package/backend-project/node_modules/mysql2/lib/constants/errors.js
medium	Obfuscation Density	high encoded/escaped-token density · package/backend-project/node_modules/is-property/is-property.js
medium	Obfuscation Density	high encoded/escaped-token density · package/backend-project/node_modules/iconv-lite/encodings/sbcs-data-generated.js
medium	Obfuscation Density	high encoded/escaped-token density · package/backend-project/node_modules/.package-lock.json
medium	Obfuscation Density	high encoded/escaped-token density · package/backend-project/package-lock.json
medium	Obfuscation Density	high encoded/escaped-token density · package/frontend-project/package-lock.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.0`	Review	92	2026-05-24

Block this in CI

PkgRadar gates practical-exam (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]