npm · registry.npmjs.org

@php-wasm/node

DNS / OAST exfiltration: matched "dns.lookup"

Why PkgRadar flagged 3.1.34

Severity	Signal	Evidence
high	DNS / OAST exfiltration	matched "dns.lookup" · package/index.cjs
high	DNS / OAST exfiltration	matched "dns.lookup" · package/index.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.1.36`	Low risk	0	2026-06-01
`3.1.34`	Review	15	2026-05-25
`3.1.35`	Review	15	2026-05-25

Block this in CI

PkgRadar gates @php-wasm/node (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @php-wasm/[email protected]