Package evidence
@mohasinac/[email protected]
Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@mohasinac/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@mohasinac/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 711 · status changed
Related candidates
Linked campaigns and clusters
mohasinac
4 members · evidence strength 84Evidence
Static findings
216 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/dist/providers/db-firebase/admin-app-lite.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 30 |
| high | Credential file access | package/dist/providers/db-firebase/admin.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 30 |
| medium | Obfuscation Density | package/dist/features/admin/components/AdminSiteSettingsView.js | high encoded/escaped-token density | 12 |
Show all 216 findings (low-signal and informational)
Showing 60 of 216 findings.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/dist/providers/db-firebase/admin-app-lite.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 30 |
| high | Credential file access | package/dist/providers/db-firebase/admin.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 30 |
| medium | Obfuscation Density | package/dist/features/admin/components/AdminSiteSettingsView.js | high encoded/escaped-token density | 12 |
| low | Obfuscation | package/dist/features/about/components/AboutView.js | matched "\\u00B7" | 3 |
| low | Obfuscation | package/dist/ui/components/Accordion.js | matched "\\u25BE" | 3 |
| low | Obfuscation | package/dist/features/site-settings/components/ActionPermissionsManager.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminAdsView.js | matched "\\u00B7" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminAnalyticsGuideView.js | matched "\\u00D7" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminBlogEditorView.js | matched "\\u00E9" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminBundleEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminCarouselEditorView.js | matched "\\u00D7" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminCarouselView.js | matched "\\u283F" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminCatalogGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminCategoryEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminContentGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminCouponEditorView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/events/components/AdminEventEditorView.js | matched "\\u00D7" | 3 |
| low | Obfuscation | package/dist/features/events/components/AdminEventEntriesView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminFeatureEditorView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminFeatureFlagsView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminGuideHubView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminMediaView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminNavigationView.js | matched "\\u25B2" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminOrderEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminOrdersGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminProductEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminReviewsView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminScammerEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminSectionsView.js | matched "\\u2715" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminSiteConfigGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminSiteSettingsView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminStoreEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminStoresGuideView.js | matched "\\u2192" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminSupportTicketDetailView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminTeamGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminTrustGuideView.js | matched "\\u2013" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminUserEditorView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminUsersGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/admin/components/AdminUsersView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/filters/AsyncFacetSection.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/auctions/components/AuctionDetailPageView.js | matched "\\uD83C" | 3 |
| low | Obfuscation | package/dist/features/products/components/AuctionsIndexListing.js | matched "\\u20B9" | 3 |
| low | Obfuscation | package/dist/features/blog/components/BlogListView.js | matched "\\u270D" | 3 |
| low | Obfuscation | package/dist/features/blog/components/BlogPostView.js | matched "\\u2026" | 3 |
| low | Obfuscation | package/dist/features/categories/components/BundleDetailView.js | matched "\\u00B7" | 3 |
| low | Obfuscation | package/dist/features/categories/components/BundleItemsPicker.js | matched "\\u00D7" | 3 |
| low | Obfuscation | package/dist/features/categories/components/BundlesListView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/account/components/BuyerAccountGuideView.js | matched "\\u2192" | 3 |
| low | Obfuscation | package/dist/features/account/components/BuyerAuctionsGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/account/components/BuyerOrdersGuideView.js | matched "\\u2192" | 3 |
| low | Obfuscation | package/dist/features/account/components/BuyerShoppingGuideView.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/cart/components/CartDrawer.js | matched "\\u2212" | 3 |
| low | Obfuscation | package/dist/features/categories/components/CategoryGrid.js | matched "\\u2605" | 3 |
| low | Obfuscation | package/dist/features/categories/components/CategoryProductsListing.js | matched "\\u20B9" | 3 |
| low | Obfuscation | package/dist/features/categories/components/CategorySelectorCreate.js | matched "\\u00a0" | 3 |
| low | Obfuscation | package/dist/features/categories/components/CategoryTree.js | matched "\\u25B6" | 3 |
| low | Obfuscation | package/dist/features/homepage/components/CharacterHotspot.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/dist/features/homepage/components/CharacterHotspotForm.js | matched "\\uD83D" | 3 |
| low | Obfuscation | package/dist/_internal/client/features/classified/ClassifiedDetailView.js | matched "\\u2192" | 3 |
| low | Obfuscation | package/dist/features/classified/components/ClassifiedIndexListing.js | matched "\\u2026" | 3 |
Manifest
Package metadata
Scripts10
auditnode scripts/audit-violations.mjsbuildnode -e "const fs=require('fs');try{fs.rmSync('tsconfig.build.tsbuildinfo')}catch(e){}" && tsc -p tsconfig.build.json && node scripts/copy-assets.mjs && tailwindcss -i src/tailwind-input.css -o dist/tailwind-utilities.css --minify && node scripts/bundle-css.mjs && node scripts/verify-css-build.mjschecknpm run check:types && npm run check:auditscheck:auditsnode scripts/audit-violations.mjs && node scripts/verify-entries.mjs && node scripts/verify-css-build.mjs && node scripts/audit-use-client.mjs && node scripts/audit-double-navigation.mjs && node scripts/audit-repository-fields.mjs && node scripts/audit-query-provider.mjs && node scripts/audit-export-paths.mjscheck:typestsc --noEmitprepublishOnlynpm run buildtestvitest run --passWithNoTeststest:watchvitestwatchconcurrently --kill-others --restart-tries 0 --names "ts,css" "tsc -p tsconfig.build.json --watch" "npm run watch:css"watch:csstailwindcss -i src/tailwind-input.css -o dist/tailwind-utilities.css --watch
Dependencies6
@mohasinac/sievejs^1.0.0motion^12.40.0react-advanced-cropper^0.20.1tailwind-merge^3.3.0zod^3.24.0zustand^5.0.13