PkgRadar

Malware advisory

MAL-2026-2900

Malicious code in dotenv-pack (npm)

3 affected releases in the PkgRadar corpus · published 2026-04-15 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
dotenv-packnpm0.0.1-securityHigh risk2026-07-14
dotenv-packnpm2.3.10Low risk2026-06-01
dotenv-packnpm2.3.11Low risk2026-06-01

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-2900 — malicious package advisory | PkgRadar