Package evidence

[email protected]

Credential file access: matched "kubeconfig"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publishersajeerzeji

Artifact bytes257,628

Previous version1.4.0

Published2026-05-02T15:59:48.932Z

SHA-256a466ac6a38cd8539fb1cf3cbdced2158df0291b79f82a7888c8a846bd0094925

Why flagged

What the scanner saw

Credential file access: matched "kubeconfig"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

23d agoLast checked

highRisk

90Score

2.0.0-alpha.1Version

Status history (1 event)

new → available23d ago · risk high · score 90 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

sajeerzeji

2 members · evidence strength 60

Evidence

Static findings

6 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Credential file access	package/dist/index.cjs	matched "kubeconfig"	30
high	Credential file access	package/dist/index.js	matched "kubeconfig"	30
medium	Remote Payload	package/dist/index.cjs	matched "api.github.com/graphql"	12
medium	Remote Payload	package/dist/index.js	matched "api.github.com/graphql"	12

Show all 6 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Credential file access	package/dist/index.cjs	matched "kubeconfig"	30
high	Credential file access	package/dist/index.js	matched "kubeconfig"	30
medium	Remote Payload	package/dist/index.cjs	matched "api.github.com/graphql"	12
medium	Remote Payload	package/dist/index.js	matched "api.github.com/graphql"	12
low	Obfuscation	package/dist/index.cjs	matched "\\u2026"	3
low	Obfuscation	package/dist/index.js	matched "\\u2026"	3

Manifest

Package metadata

Scripts24

buildtsup
build:devtsup
coveragevitest run --coverage
linteslint src/**
prepublishOnlynpm run build
publish:npmnpm run build && npm run test && npm publish --access public
testvitest run
test:coveragevitest run --coverage
test:integration:multimodalvitest run tests/integration/multimodal.test.ts
test:integration:toolsnpx tsx tests/integration/tools.test.ts
test:integration:tools:parallelvitest run --config vitest.config.parallel.ts tests/integration/parallel-tools.test.ts
test:toolsvitest run src/tools
test:tools:cloudvitest run src/tools/cloud-tools
test:tools:codingvitest run src/tools/coding-tools
test:tools:dbvitest run src/tools/db-tools
test:tools:diffvitest run src/tools/diff-tools
test:tools:execvitest run src/tools/exec-tools
test:tools:fsvitest run src/tools/fs-tools
test:tools:gitvitest run src/tools/git-tools
test:tools:httpvitest run src/tools/http-tools
test:tools:systemvitest run src/tools/system-tools
test:tools:webvitest run src/tools/web-tools
test:watchvitest
watchtsup --watch

Dependencies17

@anthropic-ai/sdk^0.73.0
@babel/parser^7.29.0
@babel/traverse^7.29.0
@babel/types^7.29.0
@google/generative-ai^0.24.1
better-sqlite3^12.6.2
cheerio^1.2.0
diff^7.0.0
fast-glob^3.3.3
mysql2^3.18.2
netlify^24.0.1
openai^6.18.0
pg^8.19.0
puppeteer^24.39.0
rss-parser^3.13.0
simple-git^3.32.3
web-tree-sitter^0.22.6