PkgRadar

npm · registry.npmjs.org

@zintrust/core

Credential File Packaged: package/src/services/default/test/.env

Why PkgRadar flagged 2.4.1

| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 2.4.1 vs 2.4.0: "node -e \"process.exit(0)\"" · package.json |
| high | Credential File Packaged | package/src/services/default/test/.env · package/src/services/default/test/.env |
| high | Credential File Packaged | package/src/services/default/users/.env · package/src/services/default/users/.env |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"process.exit(0)\"" · package.json |

Scanned versions

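| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.5.8 | Review | 40 | 2026-06-12 |
| 2.5.7 | Review | 28 | 2026-06-12 |
| 2.5.6 | Review | 28 | 2026-06-12 |
| 2.5.5 | Review | 28 | 2026-06-12 |
| 2.5.4 | Review | 40 | 2026-06-12 |
| 2.5.3 | Review | 40 | 2026-06-11 |
| 2.5.2 | Review | 28 | 2026-06-11 |
| 2.4.1 | High risk | 185 | 2026-06-10 |
| 2.5.1 | Review | 40 | 2026-06-08 |
| 2.5.0 | Review | 28 | 2026-06-03 |
| 2.4.9 | Review | 40 | 2026-06-02 |
| 2.4.8 | Review | 28 | 2026-06-02 |
| 2.4.7 | Review | 28 | 2026-06-01 |
| 2.4.6 | Review | 28 | 2026-06-01 |
| 2.4.4 | Review | 40 | 2026-06-01 |
| 2.4.5 | Review | 28 | 2026-06-01 |
| 2.4.3 | Review | 28 | 2026-06-01 |
| 2.4.2 | Review | 28 | 2026-05-31 |
| 2.4.0 | Review | 28 | 2026-05-31 |
| 2.3.0 | Review | 28 | 2026-05-29 |
| 2.3.1 | Review | 28 | 2026-05-29 |
| 2.2.9 | Review | 28 | 2026-05-29 |
| 2.2.8 | Review | 40 | 2026-05-29 |
| 2.2.7 | Review | 28 | 2026-05-29 |
| 2.2.5 | Review | 28 | 2026-05-28 |
| 2.2.6 | Review | 28 | 2026-05-28 |
| 2.2.2 | Review | 40 | 2026-05-28 |
| 2.2.3 | Review | 28 | 2026-05-28 |
| 2.2.0 | Review | 45 | 2026-05-28 |
| 2.2.1 | Review | 31 | 2026-05-28 |
| 2.1.7 | Review | 31 | 2026-05-27 |
| 2.1.6 | Review | 31 | 2026-05-27 |
| 2.1.4 | Review | 45 | 2026-05-27 |
| 2.1.5 | Review | 31 | 2026-05-27 |
| 2.1.1 | Review | 31 | 2026-05-26 |
| 2.1.2 | Review | 31 | 2026-05-26 |
| 2.0.8 | Review | 31 | 2026-05-25 |
| 2.1.0 | Review | 31 | 2026-05-25 |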

Block this in CI

PkgRadar gates @zintrust/core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @zintrust/[email protected]