PkgRadar

npm · registry.npmjs.org

@spritz-finance/widget

Credential File Packaged: package/example/.env

Why PkgRadar flagged 0.1.4

SeveritySignalEvidence
highCredential File Packagedpackage/example/.env · package/example/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.4High risk242026-06-10
0.1.5High risk242026-06-10

Block this in CI

PkgRadar gates @spritz-finance/widget (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @spritz-finance/[email protected]
Start free — 25 scans / moView full evidence