Deno · Deno · CVE-2024-37150
**Name of the Vulnerable Software and Affected Versions**
Deno version 1.44.0
**Description**
An issue in `.npmrc` support was discovered where Deno would send the `.npmrc` credentials for a scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on `.npmrc` are potentially affected by this issue if their private registry references tarball URLs at a different domain. This includes usage of the `deno install` subcommand, auto-install for `npm:` specifiers, and LSP usage.
**Recommendations**
To resolve the issue, upgrade to Deno 1.44.1. If your private registry ever serves tarballs at a different domain, rotate your registry credentials. As a temporary workaround, consider restricting access to the `.npmrc` file to minimize the risk of exploitation.
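To check whether the rotation advice applies to a given private registry, the following added example (not Deno's code and not part of the original advisory) scans a package's registry metadata for `dist.tarball` URLs hosted on a different domain than the registry. The registry URL, package name and function names are constructed for illustration; the `versions[...].dist.tarball` layout is the standard npm registry metadata format.

```javascript
// Added example: hypothetical helper names, constructed sample data.

// True only when the request targets the same domain that the .npmrc
// credentials were configured for. Unparseable URLs are never trusted.
function sameRegistryDomain(registryUrl, requestUrl) {
  try {
    const registry = new URL(registryUrl);
    const request = new URL(requestUrl, registry); // resolves relative URLs
    return request.hostname === registry.hostname; // hostnames are lowercased
  } catch {
    return false;
  }
}

// Walk one package's registry metadata and return every version whose
// tarball is served from a different domain than the registry itself.
function findOffDomainTarballs(registryUrl, packument) {
  const findings = [];
  for (const [version, meta] of Object.entries(packument.versions ?? {})) {
    const tarball = meta?.dist?.tarball;
    if (typeof tarball !== "string") continue; // no tarball to fetch
    if (!sameRegistryDomain(registryUrl, tarball)) {
      findings.push({ version, tarball });
    }
  }
  return findings;
}

// Constructed sample: a private registry that moved tarballs to a CDN in 1.1.0.
const REGISTRY = "https://npm.internal.example/";
const SAMPLE_PACKUMENT = {
  name: "@acme/widgets",
  versions: {
    "1.0.0": { dist: { tarball: "https://npm.internal.example/@acme/widgets/-/widgets-1.0.0.tgz" } },
    "1.1.0": { dist: { tarball: "https://cdn.example.net/@acme/widgets/-/widgets-1.1.0.tgz" } },
    "1.2.0": { dist: { tarball: "/@acme/widgets/-/widgets-1.2.0.tgz" } },
  },
};

const findings = findOffDomainTarballs(REGISTRY, SAMPLE_PACKUMENT);
for (const f of findings) {
  console.log(`${f.version}: tarball is off the registry domain -> ${f.tarball}`);
}
```

Any finding means a Deno 1.44.0 install of that version would have sent the scope's credentials to the listed host, so those credentials should be rotated.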