PkgRadar

npm · registry.npmjs.org

create-yxuer-vue

Credential File Packaged: package/template/.env

Why PkgRadar flagged 2.0.1

SeveritySignalEvidence
highCredential File Packagedpackage/template/.env · package/template/.env
mediumCredential file accessmatched ".npmrc" · package/src/index.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.1High risk502026-06-11
1.2.1High risk502026-06-10
1.2.2High risk502026-06-10
1.2.3High risk502026-06-10
2.0.0High risk502026-06-10

Block this in CI

PkgRadar gates create-yxuer-vue (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence