PkgRadar

npm · registry.npmjs.org

@yanqirenshi/d3.sitemap

Credential File Packaged: package/example/.env

Why PkgRadar flagged 0.1.1

SeveritySignalEvidence
highCredential File Packagedpackage/example/.env · package/example/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.1High risk352026-06-11
0.1.2High risk352026-06-11
0.2.0High risk352026-06-11
0.2.1Low risk02026-06-11

Block this in CI

PkgRadar gates @yanqirenshi/d3.sitemap (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @yanqirenshi/[email protected]
Start free — 25 scans / moView full evidence
@yanqirenshi/d3.sitemap — npm security scan | PkgRadar