PkgRadar

npm · registry.npmjs.org

create-babyboi

Credential file access: matched ".npmrc"

Why PkgRadar flagged 4.0.4

SeveritySignalEvidence
mediumCredential file accessmatched ".npmrc" · package/generators/backend.js
mediumCredential file accessmatched ".npmrc" · package/generators/frontend.js

Scanned versions

VersionVerdictScoreScanned (UTC)
4.0.4Review142026-06-02
4.0.2Review142026-06-02
4.0.0Review202026-06-01
4.0.1Review142026-06-01
2.9.9Review202026-05-29
2.9.8Review102026-05-25

Block this in CI

PkgRadar gates create-babyboi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence