PkgRadar

npm · registry.npmjs.org

@playpilot/tpi

Credential File Packaged: package/.env

Why PkgRadar flagged 8.14.0

SeveritySignalEvidence
highCredential File Packagedpackage/.env · package/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
8.14.0High risk172026-06-12
8.13.0High risk172026-06-11
8.14.0-beta.4High risk172026-06-11
8.14.0-beta.3High risk172026-06-11
8.14.0-beta.2High risk172026-06-11
8.14.0-beta.1High risk172026-06-11
8.13.0-beta.2High risk172026-06-10
8.13.0-beta.1High risk172026-06-10
8.12.1High risk172026-06-10
8.12.2High risk172026-06-10
8.8.0High risk172026-06-10
8.8.1High risk172026-06-10
8.7.1High risk172026-06-10
8.7.2High risk172026-06-10
8.6.1High risk172026-06-10
8.6.0High risk172026-06-10
8.12.0High risk172026-06-10
8.11.0High risk172026-06-10
8.10.4-beta.3High risk172026-06-10
8.10.4-beta.2High risk172026-06-10
8.10.4-beta.1High risk172026-06-10
8.10.3High risk172026-06-10
8.11.0-beta.2High risk172026-06-10
8.11.0-beta.1High risk172026-06-10
8.10.2High risk172026-06-10
8.10.1High risk172026-06-10
8.10.0High risk172026-06-10
8.9.3High risk172026-06-10
8.9.2High risk172026-06-10
8.9.1High risk172026-06-10
8.9.0High risk172026-06-10
8.5.10-beta.2High risk172026-06-10
8.5.10High risk172026-06-10

Block this in CI

PkgRadar gates @playpilot/tpi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @playpilot/[email protected]
Start free — 25 scans / moView full evidence