npm-trusted-publishing
Pass
Audited by Socket on Feb 17, 2026
Checks
Malicious behaviorInjection, exfiltration, untrusted installs
Security concernsCredential exposure, tool/trust exploitation
Code obfuscationHidden or obfuscated code
Suspicious patternsReconnaissance, excessive autonomy, resource use
Audit Metadata