npm · registry.npmjs.org
@openlife/cli
Webhook Exfil Endpoint: matched "api.telegram.org/bot"
Why PkgRadar flagged 1.21.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "api.telegram.org/bot" · package/dist/index.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/orchestrator/Gateway.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/index.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/orchestrator/SystemDoctor.js |
| medium | Credential file access | matched ".npmrc" · package/dist/util/npmrc.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.21.0 | High risk | 116 | 2026-06-13 |
1.20.0 | High risk | 116 | 2026-06-13 |
1.19.7 | High risk | 81 | 2026-06-10 |
1.19.8 | High risk | 81 | 2026-06-10 |
1.19.3 | High risk | 81 | 2026-06-10 |
1.22.0 | High risk | 81 | 2026-06-10 |
1.19.2 | Review | 23 | 2026-05-25 |
1.19.1 | Review | 23 | 2026-05-25 |
1.18.3 | Review | 20 | 2026-05-25 |
1.19.0 | Review | 23 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm @openlife/[email protected]