npm · registry.npmjs.org
@smmachine/launcher
Credential File Packaged: package/apps/webapp/.next/standalone/apps/webapp/.env
Why PkgRadar flagged 0.3.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential File Packaged | package/apps/webapp/.next/standalone/apps/webapp/.env · package/apps/webapp/.next/standalone/apps/webapp/.env |
| high | Credential file access | matched "github_token" · package/dist/index.cjs |
| high | Credential file access | matched "github_token" · package/dist/rest/main.cjs |
| high | Credential file access | matched "github_token" · package/apps/webapp/.next/server/chunks/ssr/[root-of-the-server]__0tdz~ex._.js |
| high | Credential file access | matched "github_token" · package/apps/webapp/.next/standalone/apps/webapp/.next/server/chunks/ssr/[root-of-the-server]__0tdz~ex._.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/rest/main.cjs |
| medium | Obfuscation Density | high encoded/escaped-token density · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-page-turbo-experimental.runtime.prod.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-page-turbo.runtime.prod.js |
| medium | Remote Payload | matched "cUrl " · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/client/components/segment-cache/cache.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/comment-json/index.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/conf/index.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/apps/webapp/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/conf/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.3.0 | Review | 133 | 2026-05-24 |
0.4.0 | Review | 133 | 2026-05-24 |
Related campaigns
- credential_file_packaged:package/apps/webapp/.next/standalone/apps/webapp/.env — 2 releases, max score 396
Block this in CI
pkgradar gate --ecosystem npm @smmachine/[email protected]