PkgRadar

Composer · packagist.org

oceancodex/wpsp-lite

Webhook Exfil Endpoint: matched "api.telegram.org/bot"

Why PkgRadar flagged 13.1.9

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "api.telegram.org/bot" · oceancodex-wpsp-lite-6269c36/app/Jobs/AdminSendTelegramJob.php
mediumSuspicious Publish Context{"package_age_days":0,"publisher":"OceanCodex","burst_same_day":2,"burst_week":3,"lure":null,"version_anomaly":true,"new_account":false}

Scanned versions

VersionVerdictScoreScanned (UTC)
13.1.9High risk752026-06-19
12.1.9High risk652026-06-19

Block this in CI

PkgRadar gates oceancodex/wpsp-lite (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer oceancodex/[email protected]
Start free — 25 scans / moView full evidence