PkgRadar

npm · registry.npmjs.org

create-zuplo-api

Credential file access: matched ".npmrc"

Why PkgRadar flagged 6.70.48

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Credential file access | matched ".npmrc" · package/dist/index.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/index.js |

Scanned versions

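| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 6.71.2 | Low risk | 0 | 2026-06-16 |
| 6.71.1 | Low risk | 0 | 2026-06-16 |
| 6.71.0 | Low risk | 0 | 2026-06-15 |
| 6.70.71 | Low risk | 0 | 2026-06-12 |
| 6.70.70 | Low risk | 0 | 2026-06-10 |
| 6.70.69 | Low risk | 0 | 2026-06-09 |
| 6.70.68 | Low risk | 0 | 2026-06-09 |
| 6.70.67 | Low risk | 0 | 2026-06-08 |
| 6.70.66 | Low risk | 0 | 2026-06-06 |
| 6.70.63 | Low risk | 0 | 2026-06-04 |
| 6.70.62 | Low risk | 0 | 2026-06-03 |
| 6.70.61 | Low risk | 0 | 2026-06-02 |
| 6.70.60 | Low risk | 0 | 2026-06-02 |
| 6.70.59 | Low risk | 0 | 2026-06-01 |
| 6.70.57 | Low risk | 0 | 2026-05-29 |
| 6.70.56 | Low risk | 0 | 2026-05-28 |
| 6.70.55 | Low risk | 0 | 2026-05-28 |
| 6.70.54 | Low risk | 0 | 2026-05-28 |
| 6.70.53 | Low risk | 0 | 2026-05-27 |
| 6.70.51 | Low risk | 0 | 2026-05-27 |
| 6.70.50 | Low risk | 0 | 2026-05-26 |
| 6.70.49 | Low risk | 0 | 2026-05-25 |
| 6.70.48 | Review | 42 | 2026-05-24 |
| 6.70.47 | Review | 42 | 2026-05-24 |
| 6.70.46 | Review | 42 | 2026-05-24 |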

Block this in CI

PkgRadar gates create-zuplo-api (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]