PkgRadar

npm · registry.npmjs.org

create-discord-bot

Credential File Packaged: package/template/Deno/.env

Why PkgRadar flagged 4.1.0

SeveritySignalEvidence
highCredential File Packagedpackage/template/Deno/.env · package/template/Deno/.env
highCredential File Packagedpackage/template/JavaScript/.env · package/template/JavaScript/.env
highCredential File Packagedpackage/template/TypeScript/.env · package/template/TypeScript/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
4.1.0Review302026-06-13
4.2.0-dev.1781353734-c20fdd797Low risk02026-06-13
4.2.0-dev.1779841317-3d6121589Low risk02026-05-27
4.2.0-dev.1779528402-e721e51b0Low risk02026-05-26
4.2.0-dev.1779754816-c95cbf267Low risk02026-05-26

Block this in CI

PkgRadar gates create-discord-bot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence