PkgRadar

npm · registry.npmjs.org

create-zerone

Credential File Packaged: package/templates/nestjs/.env

Why PkgRadar flagged 0.3.64

SeveritySignalEvidence
highCredential File Packagedpackage/templates/nestjs/.env · package/templates/nestjs/.env
highCredential File Packagedpackage/templates/vue-crx-template/.env · package/templates/vue-crx-template/.env
highCredential File Packagedpackage/templates/vue-giime-ts/.env · package/templates/vue-giime-ts/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
0.3.64High risk522026-06-13
0.3.62High risk372026-06-13
0.3.63High risk522026-06-13

Block this in CI

PkgRadar gates create-zerone (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence