npm · registry.npmjs.org
typescript-virtual-container
Credential file access: matched ".ssh"
Why PkgRadar flagged 1.7.5
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/dist/modules/SSHMimic/hostKey.js |
| high | Credential file access | matched ".SSH" · package/dist/modules/VirtualShell/index.js |
| high | Credential file access | matched ".SSH" · package/dist/modules/VirtualUserManager/index.js |
| high | Credential file access | matched ".ssh" · package/dist/modules/linuxRootfs.js |
| high | Install-time lifecycle script | postinstall="node scripts/postinstall.js" · package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node scripts/postinstall.js" · package.json |
| medium | Remote Payload | matched "curl " · package/dist/commands/curl.js |
| medium | Remote Payload | matched "curl " · package/dist/modules/VirtualPackageManager/index.js |
| medium | Remote Payload | matched "curl\n" · package/dist/modules/linuxRootfs.js |
| medium | Remote Payload | matched "curl " · package/dist/commands/manuals-bundle.js |
| medium | Remote Payload | matched "curl " · package/dist/modules/VirtualProxy.js |
| medium | Remote Payload | matched "wget " · package/dist/commands/wget.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.7.5 | Review | 207 | 2026-05-24 |
1.7.6 | Review | 207 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]