PkgRadar

npm · registry.npmjs.org

koa-classic-server

Credential File Packaged: package/__tests__/hidden-fixtures/.env

Why PkgRadar flagged 3.0.0

SeveritySignalEvidence
highCredential File Packagedpackage/__tests__/hidden-fixtures/.env · package/__tests__/hidden-fixtures/.env
highCredential File Packagedpackage/__tests__/hidden-fixtures/subdir/.env · package/__tests__/hidden-fixtures/subdir/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
3.0.0High risk352026-06-10
3.0.1High risk352026-06-10
1.0.0Low risk02026-06-10
2.6.1Low risk02026-06-10
3.0.0-alpha.0High risk352026-06-10

Block this in CI

PkgRadar gates koa-classic-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence