PkgRadar

npm · registry.npmjs.org

payment-kit

Credential File Packaged: package/.env

Why PkgRadar flagged 1.29.8

Severity   Signal                     Evidence
high       Credential File Packaged   package/.env · package/.env

Scanned versions

Version   Verdict     Score   Scanned (UTC)
1.29.8    High risk   17      2026-06-16
1.29.7    High risk   17      2026-06-15
1.29.6    High risk   17      2026-06-15
1.29.5    High risk   17      2026-06-15
1.29.4    High risk   17      2026-06-14
1.29.3    High risk   17      2026-06-14
1.29.2    High risk   17      2026-06-13
1.29.1    High risk   17      2026-06-11
1.29.0    High risk   17      2026-06-10
1.27.1    High risk   17      2026-06-10
1.27.2    Review      35      2026-05-25
1.28.0    Review      35      2026-05-25

Block this in CI

PkgRadar gates payment-kit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]