PkgRadar

npm · registry.npmjs.org

@corva/create-app

Credential File Packaged: package/common/node/.env

Why PkgRadar flagged 0.118.0

SeveritySignalEvidence
highCredential File Packagedpackage/common/node/.env · package/common/node/.env
highCredential File Packagedpackage/common/python/.env · package/common/python/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.118.0Review222026-05-30
0.119.0Review222026-05-30

Block this in CI

PkgRadar gates @corva/create-app (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @corva/[email protected]
Start free — 25 scans / moView full evidence
@corva/create-app — npm security scan | PkgRadar