Package evidence

@in-sp3ctr3/[email protected]

Credential file access: matched "aws_access_key"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1
First published: Jun 2026
Publisher: in-sp3ctr3

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@in-sp3ctr3/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@in-sp3ctr3/[email protected]"],"fail_on":"review"}'

Publisherin-sp3ctr3

Artifact bytes1,119,693

Previous versionnone

Published2026-06-05T14:50:29.908Z

SHA-2561cedb5c2be4dadee38dd1cce8a1116357abbf23b447e723cd27d2dbd5be29da5

Why flagged

What the scanner saw

Credential file access: matched "aws_access_key"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

5h agoLast checked

reviewRisk

5Score

1.0.0Version

Status history (1 event)

new → available5h ago · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Credential file access	package/dist/safety.js	matched "aws_access_key"	5

Manifest

Package metadata

Scripts31

archive:sourcenpm run release:assert-clean && git archive --format zip --output mempr-source.zip HEAD
buildtsc -p tsconfig.json
linttsc -p tsconfig.json --noEmit
release:assert-cleansh -c 'test -z "$(git status --porcelain)"'
release:checknpm ci && npm run build && npm run lint && npm test && npm pack --dry-run --json
testnpm run build && npm run test:safety && npm run test:core && npm run test:mcp && npm run test:cli && npm run test:package
test:clinode scripts/run-node-tests.mjs --suite cli test/cli.test.js test/review-ux.test.js test/history-ux.test.js test/live-adapters.test.js test/policy-config.test.js test/source-trust-policy-version.test.js test/review-workflow.test.js test/suggest.test.js
test:cli:history-uxnode --test --test-concurrency=1 --test-timeout=30000 test/history-ux.test.js
test:cli:live-adaptersnode --test --test-concurrency=1 --test-timeout=30000 test/live-adapters.test.js
test:cli:mainnode --test --test-concurrency=1 --test-timeout=30000 test/cli.test.js
test:cli:policy-confignode --test --test-concurrency=1 --test-timeout=30000 test/policy-config.test.js
test:cli:review-uxnode --test --test-concurrency=1 --test-timeout=30000 test/review-ux.test.js
test:cli:review-workflownode --test --test-concurrency=1 --test-timeout=30000 test/review-workflow.test.js
test:cli:source-trustnode --test --test-concurrency=1 --test-timeout=30000 test/source-trust-policy-version.test.js
test:cli:suggestnode --test --test-concurrency=1 --test-timeout=30000 test/suggest.test.js
test:corenode scripts/run-node-tests.mjs --suite core test/ledger.test.js test/events.test.js test/consistency.test.js test/migration.test.js test/storage.test.js test/locking.test.js test/ttl-export.test.js test/conflict-supersession.test.js test/conflict-export-governance.test.js test/relationship-lifecycle.test.js test/read-policy.test.js test/read-permissions.test.js test/memory-model.test.js
test:mcpnode scripts/run-node-tests.mjs --suite mcp test/mcp-contract.test.js test/mcp-server.test.js test/mcp-readonly.test.js test/mcp-mutations.test.js test/mcp-http.test.js
test:mcp:contractnode --test --test-concurrency=1 --test-timeout=30000 test/mcp-contract.test.js
test:mcp:httpnode --test --test-concurrency=1 --test-timeout=30000 test/mcp-http.test.js
test:mcp:mutationsnode --test --test-concurrency=1 --test-timeout=30000 test/mcp-mutations.test.js
test:mcp:readonlynode --test --test-concurrency=1 --test-timeout=30000 test/mcp-readonly.test.js
test:mcp:servernode --test --test-concurrency=1 --test-timeout=30000 test/mcp-server.test.js
test:packagenode --test --test-concurrency=1 --test-timeout=30000 test/package-smoke.test.js
test:safetynode scripts/run-node-tests.mjs --suite safety test/safety-boundary.test.js test/redaction.test.js test/export-safety.test.js test/destination-operation-safety.test.js test/internal-store-safety.test.js test/provenance.test.js test/diagnostics-scanner.test.js
test:safety:boundarynode --test --test-concurrency=1 --test-timeout=30000 test/safety-boundary.test.js
test:safety:destinationnode --test --test-concurrency=1 --test-timeout=30000 test/destination-operation-safety.test.js
test:safety:diagnosticsnode --test --test-concurrency=1 --test-timeout=30000 test/diagnostics-scanner.test.js
test:safety:exportnode --test --test-concurrency=1 --test-timeout=30000 test/export-safety.test.js
test:safety:provenancenode --test --test-concurrency=1 --test-timeout=30000 test/provenance.test.js
test:safety:redactionnode --test --test-concurrency=1 --test-timeout=30000 test/redaction.test.js
…and 1 more.