PkgRadar

Package evidence

[email protected]

Credential file access: matched "github_token"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
640
Versions published
25
First published
Mar 2026
Publisher
inkn9ne

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherinkn9ne
Artifact bytes670,754
Previous version0.1.0-beta.24
Published2026-05-25T11:21:45.469Z
SHA-256946ca0837511fe73a9d2d7b4f60138531cc2cf687608da7cae1ad89df78d1faa

Why flagged

What the scanner saw

Credential file access: matched "github_token"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
15Score
0.1.0-beta.25Version
Status history (1 event)
  1. newavailable · risk review · score 15 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowCredential file accesspackage/code.jsmatched "github_token"5
lowCredential file accesspackage/src/github/github.tsmatched "github_token"5
lowCredential file accesspackage/src/main.tsmatched "github_token"5

Manifest

Package metadata

Scripts78
  • buildnode build.mjs
  • docs:auditnode ./scripts/docs-audit.mjs
  • doctorcd ../.. && node scripts/figma-doctor.mjs
  • prepublishOnlynode build.mjs
  • release:betapnpm publish --tag beta && npm dist-tag add inkbridge@$npm_package_version latest && npm view inkbridge dist-tags
  • scancd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cli.ts
  • test:adapter-utilscd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/adapter-utils-regression.ts
  • test:aspect-percentcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/aspect-percent-position-regression.ts
  • test:aspect-ratiocd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/aspect-ratio-regression.ts
  • test:blobcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/blob-placement-regression.ts
  • test:block-cachecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/block-cache-regression.ts
  • test:border-dash-patterncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/border-dash-pattern-regression.ts
  • test:bundle-sizecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/bundle-size-regression.ts
  • test:child-sizing-matrixcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/child-sizing-matrix-regression.ts
  • test:component-sectionscd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/component-sections-regression.ts
  • test:compound-classes-lookupcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/compound-classes-lookup-regression.ts
  • test:conditional-map-branchcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/conditional-map-branch-regression.ts
  • test:csspatchcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/css-patch-regression.ts
  • test:cva-jsx-child-fallbackcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cva-jsx-child-fallback-regression.ts
  • test:cva-master-iconcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/cva-master-icon-regression.ts
  • test:data-attr-prop-aliascd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/data-attr-prop-alias-regression.ts
  • test:dialog-content-gatecd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/dialog-content-gate-regression.ts
  • test:explicit-size-rootcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/explicit-size-root-regression.ts
  • test:expression-evaluatorcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/expression-evaluator-regression.ts
  • test:fontcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/font-style-resolver-regression.ts
  • test:font-family-extractcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/font-family-extract-regression.ts
  • test:framework-adapter-shadcncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/framework-adapter-shadcn-regression.ts
  • test:full-width-matrixcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/full-width-matrix-regression.ts
  • test:grid-cols-extractioncd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/grid-cols-extraction-regression.ts
  • test:hidden-check-driftcd ../.. && ./node_modules/.bin/tsx tools/figma-plugin/scanner/hidden-check-drift-regression.ts
  • …and 48 more.
Dependencies2
  • tailwind-merge^3.4.0
  • ts-morph^27.0.0