PkgRadar

Package evidence

@f5xc-salesdemos/[email protected]

Credential file access: matched ".Azure"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@f5xc-salesdemos/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@f5xc-salesdemos/[email protected]"],"fail_on":"high"}'
Publisherrobinmordasiewicz
Artifact bytes468,780
Previous version18.77.4
Published2026-05-24T01:17:58.026Z
SHA-2568057d86f683a6ecde5ecbfabb0753695b3b3ce73a9c91866780b88cd11d29a5d

Why flagged

What the scanner saw

Credential file access: matched ".Azure"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
213Score
18.77.5Version
Status history (1 event)
  1. newavailable · risk high · score 213 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

robinmordasiewicz

12 members · evidence strength 84
Repeated static TTPstale

Credential file access — matched ".Azure"

24 members · evidence strength 90
Repeated static TTPstale

Credential file access — matched "GOOGLE_APPLICATION_CREDENTIALS"

80 members · evidence strength 90

Evidence

Static findings

17 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highCredential file accesspackage/src/providers/cursor/gen/agent_pb.tsmatched ".Azure"30
highCredential file accesspackage/src/providers/amazon-bedrock.tsmatched ".aws"30
highCredential file accesspackage/src/providers/azure-openai-responses.tsmatched ".azure"30
highCredential file accesspackage/src/providers/openai-completions-compat.tsmatched ".azure"30
highCredential file accesspackage/src/providers/openai-responses.tsmatched ".azure"30
highCredential file accesspackage/src/stream.tsmatched "GOOGLE_APPLICATION_CREDENTIALS"30
Show all 17 findings (low-signal and informational)
SeverityKindPathDetailPoints
highCredential file accesspackage/src/providers/cursor/gen/agent_pb.tsmatched ".Azure"30
highCredential file accesspackage/src/providers/amazon-bedrock.tsmatched ".aws"30
highCredential file accesspackage/src/providers/azure-openai-responses.tsmatched ".azure"30
highCredential file accesspackage/src/providers/openai-completions-compat.tsmatched ".azure"30
highCredential file accesspackage/src/providers/openai-responses.tsmatched ".azure"30
highCredential file accesspackage/src/stream.tsmatched "GOOGLE_APPLICATION_CREDENTIALS"30
lowObfuscationpackage/src/providers/amazon-bedrock.tsmatched "atob("3
lowObfuscationpackage/src/utils/oauth/anthropic.tsmatched "atob("3
lowObfuscationpackage/src/providers/openai-codex/constants.tsmatched "Buffer.from(parts[1] ?? \"\", \"base64"3
lowObfuscationpackage/src/providers/cursor.tsmatched "\\x20"3
lowObfuscationpackage/src/utils/oauth/cursor.tsmatched "atob("3
lowObfuscationpackage/src/utils/oauth/google-antigravity.tsmatched "atob("3
lowObfuscationpackage/src/utils/oauth/google-gemini-cli.tsmatched "atob("3
lowObfuscationpackage/src/utils/oauth/index.tsmatched "Buffer.from(payload, \"base64"3
lowObfuscationpackage/src/usage/openai-codex.tsmatched "Buffer.from(padded, \"base64"3
lowObfuscationpackage/src/utils/oauth/openai-codex.tsmatched "Buffer.from(payload, \"base64"3
lowObfuscationpackage/src/utils/oauth/perplexity.tsmatched "atob("3

Manifest

Package metadata

Scripts7
  • checkbiome check . && bun run check:types
  • check:typestsgo -p tsconfig.json --noEmit
  • fixbiome check --write --unsafe .
  • fmtbiome format --write .
  • generate-modelsbun scripts/generate-models.ts
  • lintbiome lint .
  • testbun test
Dependencies12
  • @anthropic-ai/sdk^0.78
  • @aws-sdk/client-bedrock-runtime^3
  • @bufbuild/protobuf^2.11
  • @f5xc-salesdemos/pi-utils18.77.5
  • @google/genai^1.43
  • @sinclair/typebox^0.34
  • @smithy/node-http-handler^4.4
  • ajv~8.18.0
  • ajv-formats^3.0
  • openai^6.25
  • partial-json^0.1
  • zod^4.3