PkgRadar

npm · registry.npmjs.org

@jonit-dev/night-watch-cli

Webhook Exfil Endpoint: matched "api.telegram.org/bot"

Why PkgRadar flagged 1.8.25-beta.0

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "api.telegram.org/bot" · package/dist/cli.js
mediumRemote Payloadmatched "api.telegram.org/bot" · package/dist/cli.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.8.25-beta.0High risk522026-06-12
1.8.24High risk522026-06-12
1.8.23-beta.0High risk522026-06-12
1.8.22High risk522026-06-12
1.8.21-beta.1High risk522026-06-11
1.8.10-beta.0High risk522026-06-11
1.8.10-beta.1High risk522026-06-11
1.8.21-beta.0High risk522026-06-11
1.8.9High risk522026-06-11
1.8.14-beta.10High risk522026-06-10
1.8.14-beta.11High risk522026-06-10
1.8.20High risk522026-06-10
1.8.18-beta.0High risk522026-06-10
1.8.18-beta.1High risk522026-06-10
1.8.19High risk522026-06-10
1.8.17High risk522026-06-10
1.8.15High risk522026-06-10
1.8.16High risk522026-06-10
1.8.14-beta.12High risk522026-06-10

Block this in CI

PkgRadar gates @jonit-dev/night-watch-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @jonit-dev/[email protected]
Start free — 25 scans / moView full evidence