npm · registry.npmjs.org
studiograph
Known Indicator Filename: package/dist/core/secrets/bundle.js
Why PkgRadar flagged 1.3.48-next.169
| Severity | Signal | Evidence |
|---|---|---|
| high | Known Indicator Filename | package/dist/core/secrets/bundle.js · package/dist/core/secrets/bundle.js |
| high | Credential file access | matched ".azure" · package/dist/web/_app/immutable/chunks/ByUx3gj7.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/dist/utils/git.js |
| high | Credential file access | matched ".ssh" · package/dist/agent/tools/graph-tools.js |
| medium | Remote Payload | matched "cUrl " · package/dist/server/routes/r2-api.js |
| medium | Remote Payload | matched "cUrl " · package/dist/services/assets/r2-sync.js |
| medium | Remote Payload | matched "cUrl " · package/dist/cli/commands/r2.js |
| medium | Remote Payload | matched "cUrl " · package/dist/services/assets/r2.js |
| medium | Remote Payload | matched "curl " · package/dist/mcp/server.js |
| medium | Remote Payload | matched "cUrl " · package/dist/core/workspace-manager.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.3.48-next.249 | Low risk | 0 | 2026-06-16 |
1.3.48-next.248 | Low risk | 0 | 2026-06-15 |
1.3.48-next.247 | Low risk | 0 | 2026-06-15 |
1.3.48-next.246 | Low risk | 0 | 2026-06-15 |
1.3.48-next.244 | Low risk | 0 | 2026-06-15 |
1.3.48-next.245 | Low risk | 0 | 2026-06-15 |
1.3.48-next.243 | Low risk | 0 | 2026-06-15 |
1.3.48-next.242 | Low risk | 0 | 2026-06-14 |
1.3.48-next.241 | Low risk | 0 | 2026-06-14 |
1.3.48-next.240 | Low risk | 0 | 2026-06-14 |
1.3.48-next.239 | Low risk | 0 | 2026-06-13 |
1.3.48-next.238 | Low risk | 0 | 2026-06-13 |
1.3.48-next.237 | Low risk | 0 | 2026-06-13 |
1.3.48-next.236 | Low risk | 0 | 2026-06-12 |
1.3.48-next.235 | Low risk | 0 | 2026-06-12 |
1.3.48-next.234 | Low risk | 0 | 2026-06-12 |
1.3.48-next.233 | Low risk | 0 | 2026-06-12 |
1.3.48-next.232 | Low risk | 0 | 2026-06-12 |
1.3.48-next.231 | Low risk | 0 | 2026-06-12 |
1.3.48-next.230 | Low risk | 0 | 2026-06-11 |
1.3.48-next.229 | Low risk | 0 | 2026-06-11 |
1.3.48-next.228 | Low risk | 0 | 2026-06-11 |
1.3.48-next.227 | Low risk | 0 | 2026-06-11 |
1.3.48-next.226 | Low risk | 0 | 2026-06-11 |
1.3.48-next.225 | Low risk | 0 | 2026-06-11 |
1.3.48-next.224 | Low risk | 0 | 2026-06-11 |
1.3.48-next.223 | Low risk | 0 | 2026-06-11 |
1.3.48-next.222 | Low risk | 0 | 2026-06-11 |
1.3.48-next.221 | Low risk | 0 | 2026-06-11 |
1.3.48-next.219 | Low risk | 0 | 2026-06-11 |
1.3.48-next.220 | Low risk | 0 | 2026-06-11 |
1.3.48-next.218 | Low risk | 0 | 2026-06-10 |
1.3.48-next.217 | Low risk | 0 | 2026-06-10 |
1.3.48-next.216 | Low risk | 0 | 2026-06-10 |
1.3.47 | Low risk | 0 | 2026-06-10 |
1.3.48-next.215 | Low risk | 0 | 2026-06-10 |
1.3.48-next.214 | Low risk | 0 | 2026-06-09 |
1.3.48-next.213 | Low risk | 0 | 2026-06-09 |
1.3.48-next.212 | Low risk | 0 | 2026-06-09 |
1.3.48-next.211 | Low risk | 0 | 2026-06-09 |
1.3.48-next.210 | Low risk | 0 | 2026-06-09 |
1.3.48-next.209 | Low risk | 0 | 2026-06-08 |
1.3.48-next.208 | Low risk | 0 | 2026-06-07 |
1.3.48-next.207 | Low risk | 0 | 2026-06-06 |
1.3.48-next.206 | Low risk | 0 | 2026-06-05 |
1.3.48-next.205 | Low risk | 0 | 2026-06-04 |
1.3.48-next.204 | Low risk | 0 | 2026-06-04 |
1.3.48-next.203 | Low risk | 0 | 2026-06-03 |
1.3.48-next.202 | Low risk | 0 | 2026-06-03 |
1.3.48-next.201 | Low risk | 0 | 2026-06-02 |
1.3.48-next.200 | Low risk | 0 | 2026-06-02 |
1.3.48-next.199 | Low risk | 0 | 2026-06-02 |
1.3.48-next.198 | Low risk | 0 | 2026-06-02 |
1.3.48-next.197 | Low risk | 0 | 2026-06-02 |
1.3.48-next.196 | Low risk | 0 | 2026-06-02 |
1.3.48-next.195 | Low risk | 0 | 2026-06-02 |
1.3.48-next.193 | Low risk | 0 | 2026-06-01 |
1.3.48-next.194 | Low risk | 0 | 2026-06-01 |
1.3.48-next.191 | Low risk | 0 | 2026-06-01 |
1.3.48-next.192 | Low risk | 0 | 2026-06-01 |
1.3.48-next.190 | Low risk | 0 | 2026-05-31 |
1.3.48-next.189 | Low risk | 0 | 2026-05-31 |
1.3.48-next.188 | Low risk | 0 | 2026-05-30 |
1.3.48-next.187 | Low risk | 0 | 2026-05-30 |
1.3.48-beta.2 | Low risk | 0 | 2026-05-30 |
1.3.48-beta.0 | Low risk | 0 | 2026-05-30 |
1.3.48-next.179 | Low risk | 0 | 2026-05-30 |
1.3.48-next.178 | Low risk | 0 | 2026-05-30 |
1.3.48-next.177 | Low risk | 0 | 2026-05-30 |
1.3.48-next.176 | Low risk | 0 | 2026-05-30 |
1.3.48-next.175 | Low risk | 0 | 2026-05-30 |
1.3.48-next.174 | Low risk | 0 | 2026-05-30 |
1.3.48-next.173 | Low risk | 0 | 2026-05-30 |
1.3.48-next.172 | Low risk | 0 | 2026-05-30 |
1.3.48-next.169 | Review | 197 | 2026-05-24 |
1.3.48-next.170 | Review | 197 | 2026-05-24 |
Related campaigns
- known_indicator_filename:package/dist/core/secrets/bundle.js — 2 releases, max score 293
- christianmarcschmidt — 2 releases, max score 293
Block this in CI
pkgradar gate --ecosystem npm [email protected]