npm · registry.npmjs.org
sverklo
Known Indicator Filename: package/dist/src/search/bundle.js
Why PkgRadar flagged 0.26.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Known Indicator Filename | package/dist/src/search/bundle.js · package/dist/src/search/bundle.js |
| high | Credential file access | matched ".aws" · package/dist/src/server/tools/ast-grep.js |
| high | Credential file access | matched ".ssh" · package/dist/src/workspace.js |
| medium | Remote Payload | matched "curl " · package/dist/src/memory/export.js |
| medium | Remote Payload | matched "curl " · package/dist/src/utils/ollama.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.29.1 | Low risk | 0 | 2026-06-04 |
0.29.0 | Low risk | 0 | 2026-05-30 |
0.28.0 | Low risk | 0 | 2026-05-30 |
0.27.0 | Low risk | 0 | 2026-05-30 |
0.26.1 | Low risk | 0 | 2026-05-30 |
0.28.2 | Low risk | 0 | 2026-05-29 |
0.28.3 | Low risk | 0 | 2026-05-29 |
0.26.0 | Review | 129 | 2026-05-24 |
0.25.1 | Review | 129 | 2026-05-24 |
0.25.2 | Review | 129 | 2026-05-24 |
Related campaigns
- known_indicator_filename:package/dist/src/search/bundle.js — 3 releases, max score 144
- marazmo — 3 releases, max score 144
Block this in CI
pkgradar gate --ecosystem npm [email protected]