Package evidence

@fjall/[email protected]

Credential file access: matched ".Aws"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@fjall/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@fjall/[email protected]"],"fail_on":"high"}'

Publisherpeoram

Artifact bytes449,586

Previous version1.1.0

Published2026-05-24T01:09:08.692Z

SHA-256f9cf6727cdcc30551bc42099555fe40284891bf7aa6d0183ed31ae6912b20fb9

Why flagged

What the scanner saw

Credential file access: matched ".Aws"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

20d agoLast checked

highRisk

747Score

2.1.1Version

Status history (1 event)

new → available20d ago · risk high · score 747 · status changed

Related candidates

Linked campaigns and clusters

Repeated static TTPstale

Credential file access — matched ".Aws"

50 members · evidence strength 90

Repeated static TTPstale

Credential file access — matched "AWS_ACCESS_KEY"

132 members · evidence strength 90

Repeated static TTPstale

Credential file access — matched "id_RSA"

12 members · evidence strength 90

Evidence

Static findings

27 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Credential file access	package/dist/lib/resources/aws/utilities/awsCustomResource.js	matched ".Aws"	30
high	Credential file access	package/dist/lib/resources/aws/database/clickhouseConstants.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/clickhouseDatabase.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/resources/aws/database/clickhouseUserData.js	matched "AWS_ACCESS_KEY"	30
high	Credential file access	package/dist/lib/patterns/aws/computeEc2.js	matched ".ssh"	30
high	Credential file access	package/dist/lib/patterns/aws/computeEcs.js	matched ".aws"	30
high	Credential file access	package/dist/lib/utils/databaseTypes.js	matched ".aws"	30
high	Credential file access	package/dist/lib/config/aws/ecrDefaultImage.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsImages.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsTaskDefinition.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsValidation.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/patterns/aws/fivetranProxy.js	matched ".ssh"	30
high	Credential file access	package/dist/lib/utils/getConfig.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/lambda-assets/cert-generator/asset/index.js	matched "id_RSA"	30
high	Credential file access	package/dist/lib/resources/aws/networking/ipam.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/lambda.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/messaging.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/utilities/resourceShare.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/iam/role.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/messaging/sqs.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/networking/vpc.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/vpcPeerAccepter.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/layers/layers/secrets-resolver/bin/resolve-secrets.mjs	matched ".AWS"	30
high	Credential file access	package/dist/lib/layers/secrets-resolver/bin/resolve-secrets.mjs	matched ".AWS"	30
medium	Remote Payload	package/dist/lib/patterns/aws/clickhouseDatabase.js	matched "wget "	12
medium	Remote Payload	package/dist/lib/config/aws/ecrDefaultImage.js	matched "curl "	12

Show all 27 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Credential file access	package/dist/lib/resources/aws/utilities/awsCustomResource.js	matched ".Aws"	30
high	Credential file access	package/dist/lib/resources/aws/database/clickhouseConstants.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/clickhouseDatabase.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/resources/aws/database/clickhouseUserData.js	matched "AWS_ACCESS_KEY"	30
high	Credential file access	package/dist/lib/patterns/aws/computeEc2.js	matched ".ssh"	30
high	Credential file access	package/dist/lib/patterns/aws/computeEcs.js	matched ".aws"	30
high	Credential file access	package/dist/lib/utils/databaseTypes.js	matched ".aws"	30
high	Credential file access	package/dist/lib/config/aws/ecrDefaultImage.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsImages.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsTaskDefinition.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/resources/aws/compute/ecsValidation.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/patterns/aws/fivetranProxy.js	matched ".ssh"	30
high	Credential file access	package/dist/lib/utils/getConfig.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/lambda-assets/cert-generator/asset/index.js	matched "id_RSA"	30
high	Credential file access	package/dist/lib/resources/aws/networking/ipam.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/compute/lambda.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/messaging.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/utilities/resourceShare.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/iam/role.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/messaging/sqs.js	matched ".aws"	30
high	Credential file access	package/dist/lib/resources/aws/networking/vpc.js	matched ".aws"	30
high	Credential file access	package/dist/lib/patterns/aws/vpcPeerAccepter.js	matched ".AWS"	30
high	Credential file access	package/dist/lib/layers/layers/secrets-resolver/bin/resolve-secrets.mjs	matched ".AWS"	30
high	Credential file access	package/dist/lib/layers/secrets-resolver/bin/resolve-secrets.mjs	matched ".AWS"	30
medium	Remote Payload	package/dist/lib/patterns/aws/clickhouseDatabase.js	matched "wget "	12
medium	Remote Payload	package/dist/lib/config/aws/ecrDefaultImage.js	matched "curl "	12
low	Obfuscation	package/dist/lib/lambda-assets/cert-generator/asset/index.js	matched "fromCharCode"	3

Manifest

Package metadata

Scripts16

buildnpm run build:cert-gen-lambda && tsc && cp -r lib/layers dist/lib/layers && mkdir -p dist/lib/lambda-assets/cert-generator/asset && cp lib/lambda-assets/cert-generator/asset/index.js dist/lib/lambda-assets/cert-generator/asset/index.js && cp lib/lambda-assets/cert-generator/asset/package.json dist/lib/lambda-assets/cert-generator/asset/package.json && cp lib/resources/aws/compute/lifecycleHookLambda.source.cjs dist/lib/resources/aws/compute/lifecycleHookLambda.source.cjs && cp lib/resources/aws/compute/ec2GracefulTerminationLambda.source.cjs dist/lib/resources/aws/compute/ec2GracefulTerminationLambda.source.cjs && cp lib/resources/aws/compute/persistentDataVolumeLambda.source.cjs dist/lib/resources/aws/compute/persistentDataVolumeLambda.source.cjs
build:cert-gen-lambdanode lib/lambda-assets/cert-generator/src/build.mjs
cdkcdk
check:scriptstsc --project tsconfig.scripts.json
cleanrm -rf ./dist
clean:noderm -rf ./node_modules
formatprettier --write "lib/**/*.{ts,tsx,js,jsx,json}" "scripts/**/*.mts"
format:checkprettier --check "lib/**/*.{ts,tsx,js,jsx,json}" "scripts/**/*.mts"
linteslint lib --no-warn-ignored
lint:fixeslint lib --fix --no-warn-ignored
testvitest run
test:watchvitest
typechecktsc --noEmit && tsc --noEmit -p tsconfig.test.json
typecheck:teststsc --noEmit -p tsconfig.test.json
watchtsc -w
watch:onlytsc -w

Dependencies5

@aws-sdk/client-organizations^3.1038.0
@fjall/generator^2.1.1
@fjall/util^2.1.1
constructs^10.0.0
uuid^14.0.0