npm · registry.npmjs.org

@dreamtree-org/korm-js

Webhook Exfil Endpoint: matched "ngrok.app"

Why PkgRadar flagged 1.0.27

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/dist/node_modules/psl/dist/psl.cjs
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/dist/node_modules/psl/dist/psl.umd.cjs
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/dist/node_modules/psl/data/rules.js
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/dist/node_modules/psl/dist/psl.mjs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.27`	High risk	60	2026-06-11
`1.1.0`	Low risk	0	2026-06-11
`1.0.60`	Low risk	0	2026-06-04
`1.0.59`	Low risk	0	2026-06-03
`1.0.58`	Low risk	0	2026-06-02
`1.0.57`	Low risk	0	2026-06-01
`1.0.56`	Low risk	0	2026-06-01
`1.0.55`	Low risk	0	2026-05-25
`1.0.53`	Low risk	0	2026-05-24
`1.0.54`	Low risk	0	2026-05-24

Block this in CI

PkgRadar gates @dreamtree-org/korm-js (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @dreamtree-org/[email protected]