npm · registry.npmjs.org

superposition-provider

Credential file access: matched ".aws"

Why PkgRadar flagged 0.109.0

Severity	Signal	Evidence
high	Credential file access	matched ".aws" · package/dist/index.esm.js
high	Credential file access	matched ".aws" · package/dist/index.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.112.0`	Low risk	0	2026-06-11
`0.108.0`	Low risk	0	2026-06-08
`0.111.0`	Low risk	0	2026-06-08
`0.109.0`	Review	50	2026-05-24
`0.110.0`	Review	50	2026-05-24

Block this in CI

PkgRadar gates superposition-provider (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]