PkgRadar

Package evidence

@egarcia74/[email protected]

Credential file access: matched "AWS_ACCESS_KEY"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
4
First published
Sep 2025
Publisher
egarcia74

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@egarcia74/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@egarcia74/[email protected]"],"fail_on":"review"}'
Publisheregarcia74
Artifact bytes165,092
Previous version1.7.12
Published2025-09-15T06:10:59.396Z
SHA-2560a5edcf72d725866e796a5357e724a769c565af45c2ae73b62c74301f22d3a11

Why flagged

What the scanner saw

Credential file access: matched "AWS_ACCESS_KEY"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
5Score
1.7.13Version
Status history (1 event)
  1. newavailable · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowCredential file accesspackage/lib/config/secret-manager.jsmatched "AWS_ACCESS_KEY"5

Manifest

Package metadata

Scripts67
  • audit:fixnpm audit fix
  • cinpm run lint && npm run format:check && npm run markdown:lint && npm run links:check:ci && npm run test:coverage && npm run security:audit
  • cleanrm -rf node_modules coverage .vitest
  • cleanup./scripts/cleanup-test-processes.sh
  • cleanup:processes./scripts/cleanup-test-processes.sh
  • devnode --watch index.js
  • docker:cleandocker compose -f test/docker/docker-compose.yml down -v && docker system prune -f
  • docker:detectnode test/docker/detect-platform.js
  • docker:initecho '🔧 Initializing database schema...' && docker exec warp-mcp-sqlserver /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P WarpMCP123! -C -b -i /tmp/init-db.sql && echo '✅ Database initialization completed successfully' || (echo '❌ Database initialization FAILED - check logs above' && exit 1)
  • docker:logsdocker logs warp-mcp-sqlserver
  • docker:resetecho '🔄 Resetting SQL Server container with fresh data...' && npm run docker:clean && npm run docker:start
  • docker:restartnpm run docker:stop && npm run docker:start
  • docker:shelldocker exec -it warp-mcp-sqlserver /bin/bash
  • docker:sqldocker exec -it warp-mcp-sqlserver /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P WarpMCP123! -C
  • docker:startTESTING_MODE=true npm run docker:detect && echo '🐳 Starting optimized SQL Server container...' && docker compose -f test/docker/docker-compose.yml up -d && npm run docker:wait
  • docker:start:initnpm run docker:start && npm run docker:init || (echo '❌ Docker initialization failed - see errors above' && exit 1)
  • docker:start:verbosenpm run docker:detect && echo '🐳 Starting optimized SQL Server container...' && docker compose -f test/docker/docker-compose.yml up -d && npm run docker:wait
  • docker:start:verbose:initnpm run docker:start:verbose && npm run docker:init || (echo '❌ Docker initialization failed - see errors above' && exit 1)
  • docker:statusdocker ps --filter name=warp-mcp-sqlserver
  • docker:stopecho '🔴 Stopping SQL Server container...' && docker compose -f test/docker/docker-compose.yml down
  • docker:test./scripts/docker-test-runner.sh
  • docker:test-connectionnode test/docker/test-connectivity.js
  • docker:test:clean./scripts/docker-test-runner.sh --clean
  • docker:troubleshootnode test/docker/troubleshoot-apple-silicon.js
  • docker:verifynode test/docker/verify-platform-detection.js
  • docker:waitnode test/docker/wait-for-db.js
  • docs:buildnpm run docs:extract && npm run docs:generate-tools && npm run docs:generate-landing
  • docs:extractnode scripts/docs/extract-docs.js
  • docs:generate-landingnode scripts/docs/generate-landing-page.js
  • docs:generate-toolsnode scripts/docs/generate-tools-html.js
  • …and 37 more.
Dependencies8
  • @azure/identity^4.11.1
  • @azure/keyvault-secrets^4.10.0
  • @modelcontextprotocol/sdk^1.17.5
  • aws-sdk^2.1692.0
  • dotenv^17.2.1
  • mssql^11.0.1
  • node-sql-parser^5.3.11
  • winston^3.11.0