npm · registry.npmjs.org
@fullstackunicorn/create-root
Webhook Exfil Endpoint: matched "ngrok-free.app"
Why PkgRadar flagged 1.0.26
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/assets/root.fullstackunicorn.dev/frontend/vite.config.js |
| high | Credential File Packaged | package/assets/root.fullstackunicorn.dev/assets/.env · package/assets/root.fullstackunicorn.dev/assets/.env |
| high | Credential File Packaged | package/assets/root.fullstackunicorn.dev/backend/.env · package/assets/root.fullstackunicorn.dev/backend/.env |
| high | Credential File Packaged | package/assets/root.fullstackunicorn.dev/frontend/.env · package/assets/root.fullstackunicorn.dev/frontend/.env |
| high | Credential File Packaged | package/assets/root.fullstackunicorn.dev/manager/.env · package/assets/root.fullstackunicorn.dev/manager/.env |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.26 | High risk | 145 | 2026-06-10 |
1.0.27 | High risk | 145 | 2026-06-10 |
Related campaigns
- GitLab CI/CD — 3 releases, max score 145
Block this in CI
pkgradar gate --ecosystem npm @fullstackunicorn/[email protected]