npm · registry.npmjs.org

polymind

Credential File Packaged: package/.next/standalone/polymind/.env

Why PkgRadar flagged 1.0.2

Severity	Signal	Evidence
high	Credential File Packaged	package/.next/standalone/polymind/.env · package/.next/standalone/polymind/.env
medium	Remote Payload	matched "github.com/FiloSottile/mkcert/releases/download" · package/.next/standalone/polymind/node_modules/.pnpm/[email protected]_@[email protected][email protected][email protected][email protected]/node_modules/next/dist/lib/mkcert.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.2`	High risk	52	2026-06-03
`1.0.1`	High risk	52	2026-06-03
`1.0.0`	Review	17	2026-05-30

Block this in CI

PkgRadar gates polymind (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]