npm · registry.npmjs.org

@smartive/graphql-magic

Credential File Packaged: package/.env

Why PkgRadar flagged 28.0.0

Severity	Signal	Evidence
high	Credential File Packaged	package/.env · package/.env

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`28.0.0`	Review	10	2026-06-17
`27.3.0`	Review	10	2026-06-11
`27.2.0`	Review	10	2026-06-11
`27.1.0`	Review	10	2026-06-09
`27.0.0`	Review	10	2026-06-09
`27.0.0-next.3`	Review	10	2026-06-09
`27.0.0-next.2`	Review	10	2026-06-09
`27.0.0-next.1`	Review	10	2026-06-08
`25.0.0-next.1`	Review	10	2026-06-08
`26.0.2`	Review	10	2026-06-03
`26.0.1`	Review	10	2026-05-28
`25.2.0`	Review	12	2026-05-27
`26.0.0`	Review	12	2026-05-27
`25.1.1`	Review	12	2026-05-27
`26.0.0-next.1`	Review	12	2026-05-27

Block this in CI

PkgRadar gates @smartive/graphql-magic (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @smartive/[email protected]