Malware advisory

MAL-2026-2900

Malicious code in dotenv-pack (npm)

3 affected releases in the PkgRadar corpus · published 2026-04-15 · upstream advisory

Affected packages

Package	Ecosystem	Version	Verdict	Scanned (UTC)
`dotenv-pack`	npm	`0.0.1-security`	High risk	2026-06-03
`dotenv-pack`	npm	`2.3.10`	High risk	2026-06-01
`dotenv-pack`	npm	`2.3.11`	High risk	2026-06-01

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.