PkgRadar

npm · registry.npmjs.org

expo-updates

Credential File Packaged: package/e2e/fixtures/project_files/.env

Why PkgRadar flagged 29.0.18

SeveritySignalEvidence
highCredential File Packagedpackage/e2e/fixtures/project_files/.env · package/e2e/fixtures/project_files/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
56.0.19Low risk02026-06-10
56.0.18-canary-20260606-4d4666cLow risk02026-06-06
56.0.18Low risk02026-06-05
29.0.18Review102026-05-29
56.0.18-canary-20260526-6cd5e37Low risk02026-05-27
56.0.17Low risk02026-05-26
56.0.16Low risk02026-05-26
57.0.0-canary-20260526-13e89caLow risk02026-05-26

Block this in CI

PkgRadar gates expo-updates (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
expo-updates — npm security scan | PkgRadar