PkgRadar

Package evidence

@thinhnguyencth1204/[email protected]

Credential File Packaged: package/templates/next-base/.env

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
78
Versions published
3
First published
Jun 2026
Publisher
thinhnguyencth1204

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@thinhnguyencth1204/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@thinhnguyencth1204/[email protected]"],"fail_on":"high"}'
Publisherthinhnguyencth1204
Artifact bytes27,800
Previous version0.1.0
Published2026-06-09T15:58:53.310Z
SHA-256d5d685b11ef01ba25f28bf17952933095b9101f9cd44bae1aa6745e04d801c0e

Why flagged

What the scanner saw

Credential File Packaged: package/templates/next-base/.env

1 candidate cluster(s) currently reference this release.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
35Score
0.2.0Version
Status history (1 event)
  1. newavailable · risk high · score 35 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burstactive

thinhnguyencth1204

7 members · evidence strength 80
Publisher / release actor burstcandidate

thinhnguyencth1204

7 members · max score 80

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highCredential File Packagedpackage/templates/next-base/.envpackage/templates/next-base/.env35

Manifest

Package metadata

Scripts7
  • buildnext build
  • db:generateprisma generate
  • db:migrateprisma migrate dev
  • db:studioprisma studio
  • devnext dev
  • linteslint .
  • startnext start
Dependencies17
  • @prisma/client^7.8.0
  • @tanstack/react-form^1.0.3
  • @tanstack/react-query^5.56.2
  • @tanstack/react-query-devtools^5.56.2
  • @tanstack/react-table^8.20.5
  • axios^1.7.7
  • better-auth^1.6.11
  • class-variance-authority^0.7.0
  • clsx^2.1.1
  • date-fns^3.6.0
  • next^16.1.6
  • next-intl^4.13.0
  • react^19.0.0
  • react-dom^19.0.0
  • sonner^1.7.1
  • tailwind-merge^2.5.3
  • zod^3.23.8