PkgRadar

npm · registry.npmjs.org

@runtypelabs/react-flow

Credential File Packaged: package/example/.env

Why PkgRadar flagged 0.2.11

SeveritySignalEvidence
highCredential File Packagedpackage/example/.env · package/example/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.11High risk352026-06-10
0.2.9High risk352026-06-10
0.3.32Low risk02026-06-10
0.3.31Low risk02026-06-09
0.3.30Low risk02026-06-08
0.3.29Low risk02026-06-08
0.3.28Low risk02026-06-07
0.3.27Low risk02026-06-07
0.3.26Low risk02026-06-06
0.3.25Low risk02026-06-06
0.3.24Low risk02026-06-06
0.3.23Low risk02026-06-05
0.3.22Low risk02026-06-04
0.3.21Low risk02026-06-03
0.3.20Low risk02026-06-03
0.3.19Low risk02026-06-03
0.3.18Low risk02026-06-02
0.3.17Low risk02026-06-02
0.3.16Low risk02026-06-01
0.3.15Low risk02026-05-27
0.3.13Low risk02026-05-27
0.3.14Low risk02026-05-27

Block this in CI

PkgRadar gates @runtypelabs/react-flow (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @runtypelabs/[email protected]
Start free — 25 scans / moView full evidence