Package evidence

[email protected]

Credential file access: matched ".npmrc"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1
First published: Jun 2026
Publisher: chris2001

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherchris2001

Artifact bytes5,245,259

Previous versionnone

Published2026-06-14T15:28:56.084Z

SHA-256891b2301d0f2a399fcd620d92cb8cafde91e78b3a1bd9e5fe1bf77bce6e8d3cd

Why flagged

What the scanner saw

Credential file access: matched ".npmrc"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

5h agoLast checked

reviewRisk

5Score

1.7.3Version

Status history (1 event)

new → available5h ago · risk review · score 5 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 2 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Credential file access	package/dt-skill/src/skills.test.ts	matched ".npmrc"	5
low	Obfuscation Density	package/dt-skill/pnpm-lock.yaml	high encoded/escaped-token density	0

Manifest

Package metadata

Scripts24

buildNODE_OPTIONS=--openssl-legacy-provider && easy build
check-typestsc --skipLibCheck
cleaneasy clean
cznpm run log && git add . && git cz
debugegg-bin debug
devNODE_OPTIONS=--openssl-legacy-provider egg-bin dev --daemon
dingBotnode DingBot.js
eslintnpx eslint '**/*.js' '**/*.ts' '**/*.tsx'
eslint:fixnpx eslint '**/*.js' '**/*.ts' '**/*.tsx' --fix
helpDocdocsify serve ./docs/docsify
iinpm install --registry https://registry.npm.taobao.org
lintnpm run prettier && npm run eslint && npm run stylelint
lint:fixnpm run prettier:fix && npm run eslint:fix && npm run stylelint:fix
logconventional-changelog --config ./node_modules/vue-cli-plugin-commitlint/lib/log -i CHANGELOG.md -s -r 0
prettiernpx prettier '**/*.ts' '**/*.tsx' '**/*.js' '**/*.json' --check
prettier:fixnpx prettier '**/*.ts' '**/*.tsx' '**/*.js' '**/*.json' --write
release./scripts/release.sh
serveregg-scripts start --daemon --workers=4
server:testegg-scripts start --port=7002 --env=test --daemon --workers=2
startbash start.sh
start:testbash start.sh -t
stopegg-scripts stop
stylelintnpx stylelint '**/*.scss' '**/*.css'
stylelint:fixnpx stylelint '**/*.scss' '**/*.css' --fix

Dependencies63

@ant-design/icons4.5.0
@modelcontextprotocol/sdk^1.25.2
adm-zip^0.5.10
ant-design-dtinsight-theme1.1.3
antd4.15.6
await-stream-ready^1.0.1
babel-eslint^10.1.0
babel-plugin-transform-decorators-legacy^1.3.5
cheerio^1.0.0-rc.10
codemirror^5.48.4
content-type^1.0.5
cropperjs^1.5.1
dingtalk-robot-sender^1.2.0
egg^2.1.0
egg-cors^2.0.0
egg-logger^1.5.0
egg-scripts^2.8.1
egg-sequelize^4.3.1
egg-socket.io^4.1.6
egg-ssh^1.0.5
egg-validate^1.0.0
egg-view-react-ssr^2.2.6
extend~3.0.0
file-saver^1.3.3
history^4.7.2
html2canvas^0.5.0-beta4
http-proxy-middleware2.0.6
js-cookie^2.2.0
koa-connect^2.0.1
lodash^4.17.4
…and 33 more.