npm · registry.npmjs.org
tychat-contracts
Credential file access: matched "NPM_TOKEN"
Why PkgRadar flagged 1.6.47
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "NPM_TOKEN" · package/.github/workflows/publish-npm.yml |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.6.83 | Low risk | 0 | 2026-06-17 |
1.6.82 | Low risk | 0 | 2026-06-17 |
1.6.81 | Low risk | 0 | 2026-06-16 |
1.6.80 | Low risk | 0 | 2026-06-16 |
1.6.79 | Low risk | 0 | 2026-06-16 |
1.6.78 | Low risk | 0 | 2026-06-15 |
1.6.76 | Low risk | 0 | 2026-06-15 |
1.6.75 | Low risk | 0 | 2026-06-10 |
1.6.74 | Low risk | 0 | 2026-06-10 |
1.6.73 | Low risk | 0 | 2026-06-10 |
1.6.72 | Low risk | 0 | 2026-06-10 |
1.6.69 | Low risk | 0 | 2026-06-04 |
1.6.68 | Low risk | 0 | 2026-06-02 |
1.6.67 | Low risk | 0 | 2026-06-02 |
1.6.66 | Low risk | 0 | 2026-06-01 |
1.6.65 | Low risk | 0 | 2026-06-01 |
1.6.64 | Low risk | 0 | 2026-06-01 |
1.6.63 | Low risk | 0 | 2026-06-01 |
1.6.61 | Low risk | 0 | 2026-06-01 |
1.6.62 | Low risk | 0 | 2026-06-01 |
1.6.60 | Low risk | 0 | 2026-05-31 |
1.6.59 | Low risk | 0 | 2026-05-31 |
1.6.58 | Low risk | 0 | 2026-05-31 |
1.6.57 | Low risk | 0 | 2026-05-30 |
1.6.56 | Low risk | 0 | 2026-05-30 |
1.6.53 | Low risk | 0 | 2026-05-30 |
1.6.52 | Low risk | 0 | 2026-05-30 |
1.6.50 | Low risk | 0 | 2026-05-29 |
1.6.51 | Low risk | 0 | 2026-05-29 |
1.6.47 | Review | 30 | 2026-05-24 |
1.6.46 | Review | 30 | 2026-05-24 |
1.6.45 | Review | 30 | 2026-05-24 |
1.6.44 | Review | 30 | 2026-05-24 |
Related campaigns
- algowisedev — 4 releases, max score 30
Block this in CI
pkgradar gate --ecosystem npm [email protected]