npm · registry.npmjs.org

@evanp/activitypub-bot

DNS / OAST exfiltration: matched "dns.lookup"

Why PkgRadar flagged 0.46.5

Severity	Signal	Evidence
high	DNS / OAST exfiltration	matched "dns.lookup" · package/lib/safefetcher.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.48.2`	Low risk	0	2026-06-04
`0.48.0`	Low risk	0	2026-05-29
`0.48.1`	Low risk	0	2026-05-29
`0.47.1`	Low risk	0	2026-05-28
`0.46.5`	Review	9	2026-05-25
`0.46.4`	Review	9	2026-05-25
`0.46.3`	Review	9	2026-05-25
`0.46.1`	Review	9	2026-05-25
`0.46.2`	Review	9	2026-05-25

Block this in CI

PkgRadar gates @evanp/activitypub-bot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @evanp/[email protected]