Package evidence

[email protected]

Credential file access: matched ".npmrc"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1,193Mature · −50% score
First published: Sep 2021
Publisher: amin_fazl

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisheramin_fazl

Artifact bytes2,555,750

Previous version0.0.4

Published2021-09-07T23:22:14.825Z

SHA-256d66562885eb5f0a285c36ce57da1f376a2bf5d8c831a3a38867ee1d9a4e77fa6

Why flagged

What the scanner saw

Credential file access: matched ".npmrc"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

17h agoLast checked

reviewRisk

2Score

0.0.5Version

Status history (1 event)

new → available17h ago · risk review · score 2 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Credential file access	package/node_modules/projen/lib/javascript/npm-config.js	matched ".npmrc"	5

Manifest

Package metadata

Scripts20

buildnpx projen build
bumpnpx projen bump
clobbernpx projen clobber
compilenpx projen compile
defaultnpx projen default
docgennpx projen docgen
eslintnpx projen eslint
packagenpx projen package
projennpx projen
publish:githubnpx projen publish:github
publish:npmnpx projen publish:npm
releasenpx projen release
testnpx projen test
test:compilenpx projen test:compile
test:updatenpx projen test:update
test:watchnpx projen test:watch
unbumpnpx projen unbump
upgradenpx projen upgrade
upgrade-projennpx projen upgrade-projen
watchnpx projen watch

Dependencies1

projen^0.27.50