// Source control / registries

npm publish-token theft (.npmrc)

패턴: reads-npmrc

Packages that read .npmrc files or _authToken environment variables. The signature pattern for npm registry credential theft — directly enables further malicious publishes under the victim's account.

2개 패키지에 이 패턴이 매칭됨. 최신순.

• AUTO-PUBLISHED/pypi/11h ago

  pipeline-check@1.1.0

  by Daniel Martin

  CI/CD Security Posture Scanner — scores AWS, Terraform, CloudFormation, GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines, Jenkins, CircleCI, Google Cloud Build, Buildkite, Drone CI, Tekton, Argo Workflows, Dockerfile, Kubernetes manifests, Helm charts, OCI image manifests, SCM repo posture (GitHub / GitLab / Bitbucket), npm and pypi dependency files against OWASP Top 10 CI/CD Risks and 14 other compliance frameworks

  steals →npm tokenGitHub PATGitLab PATAI API keys

  py-pip-install-runtimereads-github-tokensreads-gitlab-tokens
• AUTO-PUBLISHED/npm/2026-05-04

  react-dom-helper@1.0.0

  by k4nx9zfp82

  steals →npm tokenAWS keys

  reads-aws-credsreads-npmrcreads-homedirhttp-to-public-ip

  → 크리덴셜 읽기 (reads-aws-creds, reads-npmrc) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.

  weekly

  —

  /wk

  llm verdict

  malicious