PkgRadar

npm · registry.npmjs.org

@keshavsoft-org/express-todo

Credential File Packaged: package/bin/v6/commands/simple/template/v1/.env

Why PkgRadar flagged 1.7.6

SeveritySignalEvidence
highCredential File Packagedpackage/bin/v6/commands/simple/template/v1/.env · package/bin/v6/commands/simple/template/v1/.env
highCredential File Packagedpackage/bin/v6/commands/simple/template/v2/.env · package/bin/v6/commands/simple/template/v2/.env
highCredential File Packagedpackage/bin/v6/commands/simple/template/v3/.env · package/bin/v6/commands/simple/template/v3/.env
highCredential File Packagedpackage/bin/v6/commands/simple/template/v4/.env · package/bin/v6/commands/simple/template/v4/.env
highCredential File Packagedpackage/bin/v6/commands/simpleWithCrud/template/v3/.env · package/bin/v6/commands/simpleWithCrud/template/v3/.env
highCredential File Packagedpackage/bin/v6/commands/simpleWithUi/template/v1/.env · package/bin/v6/commands/simpleWithUi/template/v1/.env
highCredential File Packagedpackage/bin/v6/commands/simpleWithUi/template/v2/.env · package/bin/v6/commands/simpleWithUi/template/v2/.env
highCredential File Packagedpackage/bin/v7/commands/simple/template/v4/.env · package/bin/v7/commands/simple/template/v4/.env
highCredential File Packagedpackage/bin/v7/commands/simple/template/v5/.env · package/bin/v7/commands/simple/template/v5/.env
highCredential File Packagedpackage/bin/v7/commands/simple/template/v6/.env · package/bin/v7/commands/simple/template/v6/.env
highCredential File Packagedpackage/bin/v7/commands/simpleWithCrud/template/v3/.env · package/bin/v7/commands/simpleWithCrud/template/v3/.env
highCredential File Packagedpackage/bin/v7/commands/simpleWithUi/template/v2/.env · package/bin/v7/commands/simpleWithUi/template/v2/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
1.7.6High risk1002026-06-11
1.9.1High risk1002026-06-11
1.7.7High risk1002026-06-10
1.7.8High risk1002026-06-10

Block this in CI

PkgRadar gates @keshavsoft-org/express-todo (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @keshavsoft-org/[email protected]
Start free — 25 scans / moView full evidence