PkgRadar

Package evidence

[email protected]

Credential file access: matched "id_rsa"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publishergakwaya
Artifact bytes2,461,626
Previous version1.5.2
Published2026-05-23T22:33:23.482Z
SHA-256e77dc55bc92d488fa6a5323413232a09290a9c466546dacc46c00dd7e6d7286d

Why flagged

What the scanner saw

Credential file access: matched "id_rsa"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
60Score
1.6.3Version
Status history (1 event)
  1. newavailable · risk high · score 60 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

gakwaya

2 members · evidence strength 56

Evidence

Static findings

5 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highCredential file accesspackage/dist/index.jsmatched "id_rsa"30
mediumRemote Payloadpackage/dist/index.jsmatched "curl "12
mediumObfuscation Densitypackage/dist/index.jshigh encoded/escaped-token density12
Show all 5 findings (low-signal and informational)
SeverityKindPathDetailPoints
highCredential file accesspackage/dist/index.jsmatched "id_rsa"30
mediumRemote Payloadpackage/dist/index.jsmatched "curl "12
mediumObfuscation Densitypackage/dist/index.jshigh encoded/escaped-token density12
lowObfuscationpackage/dist/ui/assets/index-DxXW0CWH.jsmatched "\\u00C0"3
lowObfuscationpackage/dist/index.jsmatched "\\u2026"3

Manifest

Package metadata

Scripts12
  • buildnode scripts/build-bundle.mjs
  • build:doc-indexnode scripts/build-doc-index.mjs
  • linktsx src/index.ts link
  • logouttsx src/index.ts logout
  • omnishtsx src/index.ts
  • prepacknpm run build
  • pretestnode scripts/build-doc-index.mjs
  • pretypechecknode scripts/build-doc-index.mjs
  • reinstallrm -rf node_modules && pnpm install
  • runtsx src/index.ts run
  • testtsx --test 'src/**/*.test.ts'
  • typechecktsc --noEmit
Dependencies8
  • @parcel/watcher^2.5.1
  • @whiskeysockets/baileys7.0.0-rc13
  • better-sqlite3^12.9.0
  • grammy^1.42.0
  • node-pty^1.1.0
  • pino^9.6.0
  • qrcode-terminal^0.12.0
  • ws^8.18.3