PkgRadar

npm · registry.npmjs.org

mangoose-xempp

Credential File Packaged: package/templates/sms/backend-project/.env

Why PkgRadar flagged 1.0.4

SeveritySignalEvidence
highCredential File Packagedpackage/templates/sms/backend-project/.env · package/templates/sms/backend-project/.env
highCredential File Packagedpackage/templates/srms/.env · package/templates/srms/.env
highCredential File Packagedpackage/templates/srms/backend-mongodb/.env · package/templates/srms/backend-mongodb/.env
highCredential File Packagedpackage/templates/srms/backend-mysql/.env · package/templates/srms/backend-mysql/.env

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.4High risk772026-06-10
1.0.3High risk242026-06-10
1.0.1Low risk02026-05-30
1.0.2Low risk02026-05-30
1.0.0Low risk02026-05-30

Block this in CI

PkgRadar gates mangoose-xempp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence