PkgRadar

npm · registry.npmjs.org

@m2c2kit/cli

Credential File Packaged: package/dist/.env

Why PkgRadar flagged 0.3.4

SeveritySignalEvidence
highCredential File Packagedpackage/dist/.env · package/dist/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.3.4High risk172026-06-11
0.3.5High risk172026-06-11
0.3.6High risk172026-06-11
0.3.32Low risk02026-06-11
0.3.35Low risk02026-06-11
0.3.33Low risk02026-06-11
0.3.34Low risk02026-06-11

Block this in CI

PkgRadar gates @m2c2kit/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @m2c2kit/[email protected]
Start free — 25 scans / moView full evidence