PkgRadar

Package evidence

@egarcia74/[email protected]

Credential file access: matched "AWS_ACCESS_KEY"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
15
Versions published
5
First published
Sep 2025
Publisher
egarcia74

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@egarcia74/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@egarcia74/[email protected]"],"fail_on":"review"}'
Publisheregarcia74
Artifact bytes169,334
Previous version1.7.14
Published2026-06-08T02:54:45.232Z
SHA-256c2234e259ce450b7a189a3f1ab4596492b3eceed425ad5df5a7bd188c4d91704

Why flagged

What the scanner saw

Credential file access: matched "AWS_ACCESS_KEY"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
5Score
1.7.15Version
Status history (1 event)
  1. newavailable · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowCredential file accesspackage/lib/config/secret-manager.jsmatched "AWS_ACCESS_KEY"5

Manifest

Package metadata

Scripts68
  • audit:fixnpm audit fix
  • cinpm run lint && npm run format:check && npm run markdown:lint && npm run links:check:ci && npm run test:coverage && npm run security:audit
  • cleanrm -rf node_modules coverage .vitest
  • cleanup./scripts/cleanup-test-processes.sh
  • cleanup:processes./scripts/cleanup-test-processes.sh
  • devnode --watch index.js
  • docker:cleannpm run docker:ensure-config && docker compose -f test/docker/docker-compose.yml down -v && docker system prune -f
  • docker:detectnode test/docker/detect-platform.js
  • docker:ensure-confignode -e "const fs=require('node:fs'); const cp=require('node:child_process'); const file='test/docker/docker-compose.yml'; if(!fs.existsSync(file)){ console.log('🛠️ Docker compose config missing, generating...'); cp.execFileSync(process.platform==='win32'?'npm.cmd':'npm',['run','docker:detect'],{stdio:'inherit',env:{...process.env,TESTING_MODE:'true'}}); }"
  • docker:initecho '🔧 Initializing database schema via node...' && node test/docker/init-db-node.js && echo '✅ Database initialization completed successfully' || (echo '❌ Database initialization FAILED' && exit 1)
  • docker:logsdocker logs warp-mcp-sqlserver
  • docker:resetecho '🔄 Resetting SQL Server container with fresh data...' && npm run docker:clean && npm run docker:start
  • docker:restartnpm run docker:stop && npm run docker:start
  • docker:shelldocker exec -it warp-mcp-sqlserver /bin/bash
  • docker:sqldocker exec -it warp-mcp-sqlserver /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -P WarpMCP123! -C
  • docker:startTESTING_MODE=true npm run docker:detect && echo '🐳 Starting optimized SQL Server container...' && docker compose -f test/docker/docker-compose.yml up -d && npm run docker:wait
  • docker:start:initnpm run docker:start && npm run docker:init || (echo '❌ Docker initialization failed - see errors above' && exit 1)
  • docker:start:verbosenpm run docker:detect && echo '🐳 Starting optimized SQL Server container...' && docker compose -f test/docker/docker-compose.yml up -d && npm run docker:wait
  • docker:start:verbose:initnpm run docker:start:verbose && npm run docker:init || (echo '❌ Docker initialization failed - see errors above' && exit 1)
  • docker:statusdocker ps --filter name=warp-mcp-sqlserver
  • docker:stopnpm run docker:ensure-config && echo '🔴 Stopping SQL Server container...' && docker compose -f test/docker/docker-compose.yml down
  • docker:test./scripts/docker-test-runner.sh
  • docker:test-connectionnode test/docker/test-connectivity.js
  • docker:test:clean./scripts/docker-test-runner.sh --clean
  • docker:troubleshootnode test/docker/troubleshoot-apple-silicon.js
  • docker:verifynode test/docker/verify-platform-detection.js
  • docker:waitnode test/docker/wait-for-db.js
  • docs:buildnpm run docs:extract && npm run docs:generate-tools && npm run docs:generate-landing
  • docs:extractnode scripts/docs/extract-docs.js
  • docs:generate-landingnode scripts/docs/generate-landing-page.js
  • …and 38 more.
Dependencies8
  • @aws-sdk/client-secrets-manager^3.1049.0
  • @azure/identity^4.11.1
  • @azure/keyvault-secrets^4.10.0
  • @modelcontextprotocol/sdk^1.17.5
  • dotenv^17.2.1
  • mssql^11.0.1
  • node-sql-parser^5.3.11
  • winston^3.11.0