npm · registry.npmjs.org

@payloadcms/plugin-cloud-storage

Credential File Packaged: package/dev/.env

Why PkgRadar flagged 1.1.0-beta.0

Severity	Signal	Evidence
high	Credential File Packaged	package/dev/.env · package/dev/.env

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.0.0-internal.293e026`	Low risk	0	2026-06-11
`1.1.0-beta.0`	High risk	17	2026-06-11
`1.1.0-beta.1`	High risk	17	2026-06-11
`4.0.0-internal.40de3ec`	Low risk	0	2026-06-11
`1.1.0`	High risk	17	2026-06-11
`4.0.0-internal.a0ef1b8`	Low risk	0	2026-06-09
`4.0.0-internal.183b315`	Low risk	0	2026-06-09
`3.62.0-internal.2a2d1e1`	Low risk	0	2026-06-09
`3.85.1`	Low risk	0	2026-06-09
`3.86.0-internal.8bd478e`	Low risk	0	2026-06-08
`4.0.0-canary.0`	Low risk	0	2026-06-04
`4.0.0-internal.1f9ae9a`	Low risk	0	2026-06-03
`4.0.0-internal.5f0cd13`	Low risk	0	2026-06-03
`3.86.0-internal.ac46214`	Low risk	0	2026-05-29
`4.0.0-internal.c2b57ce`	Low risk	0	2026-05-28
`4.0.0-internal.38b7f1d`	Low risk	0	2026-05-26
`3.85.0`	Low risk	0	2026-05-26

Block this in CI

PkgRadar gates @payloadcms/plugin-cloud-storage (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @payloadcms/[email protected]