npm · registry.npmjs.org
zapmyco
Credential file access: matched ".ssh"
Why PkgRadar flagged 0.16.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/dist/cli/index.mjs |
| medium | Remote Payload | matched "curl " · package/dist/cli/index.mjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.22.2 | Low risk | 0 | 2026-05-27 |
0.22.1 | Low risk | 0 | 2026-05-26 |
0.20.5 | Low risk | 0 | 2026-05-25 |
0.20.6 | Low risk | 0 | 2026-05-25 |
0.20.4-beta.0 | Low risk | 0 | 2026-05-25 |
0.20.3 | Low risk | 0 | 2026-05-25 |
0.20.2 | Low risk | 0 | 2026-05-25 |
0.20.1 | Low risk | 0 | 2026-05-25 |
0.20.0 | Low risk | 0 | 2026-05-25 |
0.19.2 | Low risk | 0 | 2026-05-25 |
0.19.1 | Low risk | 0 | 2026-05-25 |
0.19.0 | Low risk | 0 | 2026-05-25 |
0.18.0 | Low risk | 0 | 2026-05-25 |
0.17.2-beta.2 | Low risk | 0 | 2026-05-25 |
0.17.2-beta.1 | Low risk | 0 | 2026-05-25 |
0.16.0 | Review | 42 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]