npm · registry.npmjs.org

@daloyjs/core

DNS / OAST exfiltration: matched "dns.lookup"

Why PkgRadar flagged 0.35.2

Severity	Signal	Evidence
high	DNS / OAST exfiltration	matched "dns.lookup" · package/dist/fetch-guard.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.38.0`	Low risk	0	2026-06-10
`0.37.0`	Low risk	0	2026-05-31
`0.35.1`	Low risk	0	2026-05-30
`0.35.0`	Low risk	0	2026-05-30
`0.36.0`	Low risk	0	2026-05-29
`0.35.2`	Review	9	2026-05-28
`0.34.3`	Review	12	2026-05-24

Block this in CI

PkgRadar gates @daloyjs/core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @daloyjs/[email protected]