Package evidence

[email protected]

Credential file access: matched ".npmrc"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 4
First published: Mar 2026
Publisher: p.atati

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherp.atati

Artifact bytes16,946,498

Previous version1.2.0

Published2026-06-12T08:42:47.251Z

SHA-256b30df33cab396f827f196619a046883aab8237451cb72f1d12a38f6ec7d658b3

Why flagged

What the scanner saw

Credential file access: matched ".npmrc"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

3h agoLast checked

reviewRisk

5Score

2.0.0Version

Status history (1 event)

new → available3h ago · risk review · score 5 · status changed

Evidence

Static findings

8 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 8 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Credential file access	package/src/substitutions.js	matched ".npmrc"	5
low	Obfuscation Density	package/templates/ata-dashboard-angular/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/ata-dashboard-react/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/ata-dashboard-vue/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/feature-ms/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/file-manager-ms/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/frontend-angular/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/identity-ms/package-lock.json	high encoded/escaped-token density	0

Manifest

Package metadata

Scripts31

app:start./mvnw -ntp --batch-mode
app:updocker compose -f src/main/docker/app.yml up --wait
backend:build-cache./mvnw dependency:go-offline -ntp
backend:debug./mvnw -Dspring-boot.run.jvmArguments="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000"
backend:doc:test./mvnw -ntp javadoc:javadoc --batch-mode
backend:info./mvnw --version
backend:nohttp:test./mvnw -ntp checkstyle:check --batch-mode
backend:start./mvnw -ntp --batch-mode
backend:unit:test./mvnw -ntp verify --batch-mode -Dlogging.level.ROOT=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.com.identity.ms=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF
ci:backend:testnpm run backend:info && npm run backend:doc:test && npm run backend:nohttp:test && npm run backend:unit:test -- -P$npm_package_config_default_environment
ci:e2e:packagenpm run java:$npm_package_config_packaging:$npm_package_config_default_environment -- -Pe2e -Denforcer.skip=true
ci:e2e:preparenpm run ci:e2e:prepare:docker
ci:e2e:prepare:dockernpm run services:up --if-present && docker ps -a
ci:e2e:server:startjava -jar target/e2e.$npm_package_config_packaging --spring.profiles.active=e2e,$npm_package_config_default_environment -Dlogging.level.ROOT=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.com.identity.ms=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF --logging.level.org.springframework.web=ERROR
ci:e2e:teardownnpm run ci:e2e:teardown:docker --if-present
ci:e2e:teardown:dockerdocker compose -f src/main/docker/services.yml down -v && docker ps -a
ci:server:awaitecho "Waiting for server at port $npm_package_config_backend_port to start" && wait-on -t 180000 http-get://127.0.0.1:undefined/services/identityms/management/health/readiness && echo "Server at port $npm_package_config_backend_port started"
docker:db:downdocker compose -f src/main/docker/postgresql.yml down -v
docker:db:updocker compose -f src/main/docker/postgresql.yml up --wait
java:docker./mvnw -ntp verify -DskipTests -Pprod jib:dockerBuild
java:docker:arm64npm run java:docker -- -Djib-maven-plugin.architecture=arm64
java:docker:devnpm run java:docker -- -Pdev,webapp
java:docker:prodnpm run java:docker -- -Pprod
java:jar./mvnw -ntp verify -DskipTests --batch-mode
java:jar:devnpm run java:jar -- -Pdev,webapp
java:jar:prodnpm run java:jar -- -Pprod
java:war./mvnw -ntp verify -DskipTests --batch-mode -Pwar
java:war:devnpm run java:war -- -Pdev,webapp
java:war:prodnpm run java:war -- -Pprod
preci:e2e:server:startnpm run services:db:await --if-present && npm run services:others:await --if-present
…and 1 more.