npm · registry.npmjs.org

ummaya

Credential file access: matched ".ssh"

Why PkgRadar flagged 0.1.0

Severity	Signal	Evidence
high	Credential file access	matched ".ssh" · package/src/ummaya/safety/_patterns.py
high	Credential file access	matched ".npmrc" · package/tui/src/utils/autoUpdater.ts
high	Credential file access	matched ".aws" · package/tui/src/utils/aws.ts
high	Credential file access	matched "KUBECONFIG" · package/tui/src/tools/BashTool/bashPermissions.ts
high	Credential file access	matched ".ssh" · package/tui/src/tools/BashTool/bashSecurity.ts
high	Credential file access	matched ".azure" · package/src/ummaya/llm/_cc_reference/client.ts
high	Credential file access	matched ".ssh" · package/tui/src/utils/permissions/dangerousPatterns.ts
high	Credential file access	matched ".AWS" · package/tui/src/utils/env.ts
high	Credential file access	matched ".AWS" · package/tui/src/utils/envUtils.ts
high	Credential file access	matched ".azure" · package/tui/src/utils/plugins/fetchTelemetry.ts
high	Credential file access	matched ".ssh" · package/tui/src/utils/permissions/filesystem.ts
high	Credential file access	matched ".ssh" · package/tui/src/utils/fsOperations.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.4`	Review	29	2026-05-31
`0.2.3`	Review	53	2026-05-25
`0.2.2`	Review	53	2026-05-25
`0.2.1`	Review	230	2026-05-24
`0.2.0`	Review	230	2026-05-24
`0.0.0-namecheck`	Low risk	0	2026-05-24
`0.1.0`	High risk	230	2026-05-24
`0.1.2`	Review	230	2026-05-24
`0.1.3`	Review	230	2026-05-24
`0.1.5`	Review	230	2026-05-24
`0.1.6`	High risk	230	2026-05-24
`0.1.7`	Review	230	2026-05-24
`0.1.8`	Review	230	2026-05-24
`0.1.11`	Review	230	2026-05-24
`0.1.12`	Review	230	2026-05-24
`0.1.14`	Review	230	2026-05-24
`0.1.15`	Review	230	2026-05-24
`0.1.17`	Review	230	2026-05-24
`0.1.18`	Review	230	2026-05-24

Related campaigns

Block this in CI

PkgRadar gates ummaya (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]