npm · registry.npmjs.org

@spfn/notification

Webhook Exfil Endpoint: matched "hooks.slack.com/services/"

Why PkgRadar flagged 0.1.0-beta.1

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "hooks.slack.com/services/" · package/dist/config/index.js
high	Webhook Exfil Endpoint	matched "hooks.slack.com/services/" · package/dist/server.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.0-beta.1`	High risk	55	2026-06-10
`0.1.0-beta.16`	High risk	55	2026-06-10
`0.1.0-beta.17`	High risk	55	2026-06-10
`0.1.0-beta.18`	High risk	55	2026-06-10
`0.1.0-beta.19`	High risk	55	2026-06-10

Block this in CI

PkgRadar gates @spfn/notification (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @spfn/[email protected]