PkgRadar

Malware advisory

MAL-2026-4728

Malicious code in web-dotenv (npm)

1 affected release in the PkgRadar corpus · published 2026-05-25 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
web-dotenvnpm1.0.2Low risk2026-06-10

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-4728 — malicious package advisory | PkgRadar