Package evidence

@seliseblocks/[email protected]

Credential File Packaged: package/templates/next-starter/.env/.env

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 3
Versions published: 2
First published: Feb 2024
Publisher: rafsun-selise

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@seliseblocks/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@seliseblocks/[email protected]"],"fail_on":"high"}'

Publisherrafsun-selise

Artifact bytes12,593,025

Previous versionnone

Published2024-02-22T04:15:53.991Z

SHA-25616d57ad493513514a6bb80f023ff2eb2818939a64bf0b18edb5c48fdd9809e2f

Why flagged

What the scanner saw

Credential File Packaged: package/templates/next-starter/.env/.env

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

32h agoLast checked

highRisk

35Score

1.0.2Version

Status history (1 event)

new → available32h ago · risk high · score 35 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Credential File Packaged	package/templates/next-starter/.env/.env	package/templates/next-starter/.env/.env	35

Show all 3 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Credential File Packaged	package/templates/next-starter/.env/.env	package/templates/next-starter/.env/.env	35
low	Obfuscation Density	package/templates/default/package-lock.json	high encoded/escaped-token density	0
low	Obfuscation Density	package/templates/next-starter/package-lock.json	high encoded/escaped-token density	0

Manifest

Package metadata

Scripts19

buildnode scripts/pre-build && next build
build:devnode scripts/pre-build && next build
build:prodnode scripts/pre-build prod && next build
build:stgnode scripts/pre-build stg && next build
devnode scripts/pre-build && next dev -H osmthomedxv.seliselocal.com -p 3001
dev:tsyarn dev & yarn ts:watch
linteslint "src/**/*.{js,jsx,ts,tsx}"
lint-fixnext lint --fix
lint:fixeslint --fix "src/**/*.{js,jsx,ts,tsx}"
preparehusky install
prettierprettier --write "src/**/*.{js,jsx,ts,tsx}"
re:buildyarn rm:all && yarn install && yarn build
re:build-npmnpm run rm:all && npm install && npm run build
re:startyarn rm:all && yarn install && yarn dev
rm:allrm -rf node_modules .next out dist build
startnext start -p 8083
testjest --passWithNoTests
tstsc --noEmit --incremental
ts:watchyarn ts --watch

Dependencies31

@auth0/auth0-react^2.2.3
@emotion/cache^11.10.5
@emotion/react^11.11.1
@faker-js/faker^8.3.1
@hookform/resolvers^3.3.2
@iconify/react^4.1.1
@mui/icons-material^5.15.3
@mui/lab^5.0.0-alpha.159
@mui/material^5.15.3
@mui/x-data-grid^6.19.2
@mui/x-date-pickers^6.19.2
@seliseblocks/next-core~1.4.5
@tanstack/react-query^5.17.9
axios^1.6.2
date-fns^2.30.0
framer-motion^10.16.16
html2canvas^1.4.1
lodash^4.17.21
next^14.0.4
nprogress^0.2.0
numeral^2.0.6
prop-types^15.8.1
react^18.2.0
react-apexcharts^1.4.1
react-dom^18.2.0
react-hook-form^7.48.2
react-lazy-load-image-component^1.6.0
simplebar-react^3.2.4
stylis^4.3.0
stylis-plugin-rtl^2.1.1
…and 1 more.