Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Credential file access: matched "github_token"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 105 · status changed
Related candidates
Linked campaigns and clusters
inkn9ne
3 members · evidence strength 67Evidence
Static findings
8 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/code.js | matched "github_token" | 30 |
| high | Credential file access | package/src/github/github.ts | matched "github_token" | 30 |
| high | Credential file access | package/src/main.ts | matched "github_token" | 30 |
Show all 8 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/code.js | matched "github_token" | 30 |
| high | Credential file access | package/src/github/github.ts | matched "github_token" | 30 |
| high | Credential file access | package/src/main.ts | matched "github_token" | 30 |
| low | Obfuscation | package/code.js | matched "\\u2014" | 3 |
| low | Obfuscation | package/scanner/component-scanner.ts | matched "\\u00a0" | 3 |
| low | Obfuscation | package/src/github/github.ts | matched "atob(" | 3 |
| low | Obfuscation | package/src/main.ts | matched "\\u2026" | 3 |
| low | Obfuscation | package/src/tokens/variables.ts | matched "\\u2014" | 3 |
Manifest
Package metadata
Scripts77
buildnode build.mjsdocs:auditnode ./scripts/docs-audit.mjsdoctorcd ../.. && node scripts/figma-doctor.mjsprepublishOnlynode build.mjsrelease:betapnpm publish --tag beta && npm dist-tag add inkbridge@$npm_package_version latest && npm view inkbridge dist-tagsscancd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cli.tstest:adapter-utilscd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/adapter-utils-regression.tstest:aspect-percentcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/aspect-percent-position-regression.tstest:aspect-ratiocd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/aspect-ratio-regression.tstest:blobcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/blob-placement-regression.tstest:block-cachecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/block-cache-regression.tstest:border-dash-patterncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/border-dash-pattern-regression.tstest:bundle-sizecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/bundle-size-regression.tstest:child-sizing-matrixcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/child-sizing-matrix-regression.tstest:component-sectionscd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/component-sections-regression.tstest:compound-classes-lookupcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/compound-classes-lookup-regression.tstest:conditional-map-branchcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/conditional-map-branch-regression.tstest:csspatchcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/css-patch-regression.tstest:cva-jsx-child-fallbackcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cva-jsx-child-fallback-regression.tstest:cva-master-iconcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cva-master-icon-regression.tstest:data-attr-prop-aliascd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/data-attr-prop-alias-regression.tstest:dialog-content-gatecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/dialog-content-gate-regression.tstest:explicit-size-rootcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/explicit-size-root-regression.tstest:expression-evaluatorcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/expression-evaluator-regression.tstest:fontcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/font-style-resolver-regression.tstest:font-family-extractcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/font-family-extract-regression.tstest:framework-adapter-shadcncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/framework-adapter-shadcn-regression.tstest:full-width-matrixcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/full-width-matrix-regression.tstest:grid-cols-extractioncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/grid-cols-extraction-regression.tstest:hidden-check-driftcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/hidden-check-drift-regression.ts- …and 47 more.
Dependencies2
tailwind-merge^3.4.0ts-morph^27.0.0