npm · registry.npmjs.org

@vellumai/cli

Webhook Exfil Endpoint: matched "ngrok.app"

Why PkgRadar flagged 0.8.12-dev.202606130730.4d64b75

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/src/commands/pair.ts
medium	Remote Payload	matched "curl " · package/src/adapters/install.sh
medium	Remote Payload	matched "curl " · package/src/lib/docker.ts
medium	Remote Payload	matched "curl " · package/src/lib/local.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.12-dev.202606130730.4d64b75`	High risk	38	2026-06-13
`0.8.12-dev.202606130540.3758c47`	High risk	38	2026-06-13
`0.8.12-dev.202606130318.6b9805d`	High risk	38	2026-06-13
`0.8.12-dev.202606130114.203bb30`	High risk	38	2026-06-13
`0.8.12`	High risk	38	2026-06-12
`0.8.12-dev.202606122337.5897832`	High risk	38	2026-06-12
`0.8.12-dev.202606122239.169d5e4`	High risk	38	2026-06-12
`0.8.12-staging.2`	High risk	76	2026-06-12
`0.8.11-dev.202606122104.e5b9dd5`	High risk	38	2026-06-12
`0.8.11-dev.202606122052.009469e`	High risk	76	2026-06-12
`0.8.11-dev.202606122025.f06346f`	High risk	76	2026-06-12
`0.8.11-dev.202606121945.5dce801`	High risk	76	2026-06-12
`0.8.11-dev.202606121851.26d5122`	High risk	38	2026-06-12
`0.8.11-dev.202606121625.5541181`	High risk	38	2026-06-12
`0.8.11-dev.202606121512.871577`	High risk	76	2026-06-12
`0.8.11-dev.202606121500.871577`	High risk	76	2026-06-12
`0.8.12-staging.1`	High risk	76	2026-06-12
`0.8.11-dev.202606121323.6ac9407`	High risk	38	2026-06-12
`0.8.11-dev.202606121124.ef8e25a`	High risk	38	2026-06-12
`0.8.11-dev.202606120935.ef8e25a`	High risk	76	2026-06-12
`0.8.11-dev.202606120751.ef8e25a`	High risk	76	2026-06-12
`0.8.11-dev.202606120544.842c4c6`	High risk	76	2026-06-12
`0.8.11-dev.202606120321.552e02e`	High risk	76	2026-06-12
`0.8.11-dev.202606120116.b9ee95b`	High risk	76	2026-06-12
`0.8.11-dev.202606120012.5656fc7`	High risk	76	2026-06-12
`0.8.11-dev.202606112338.1c15e19`	High risk	76	2026-06-11
`0.8.11-dev.202606112241.9ae2fdc`	High risk	76	2026-06-11
`0.8.11-dev.202606112147.04177ac`	High risk	76	2026-06-11
`0.8.11-dev.202606112057.e4bc22e`	High risk	76	2026-06-11
`0.8.11`	High risk	76	2026-06-11
`0.8.10-dev.202606111910.ead7030`	High risk	76	2026-06-11
`0.8.10-dev.202606111724.d4e5462`	High risk	76	2026-06-11
`0.8.10-dev.202606111519.39ad418`	High risk	76	2026-06-11
`0.8.11-staging.1`	High risk	76	2026-06-11
`0.8.10-dev.202606111334.d8a7740`	High risk	76	2026-06-11
`0.8.10-dev.202606111255.73ec993`	High risk	76	2026-06-11
`0.8.10-dev.202606111245.be4218b`	High risk	76	2026-06-11
`0.8.10-dev.202606111140.6a5e88c`	High risk	76	2026-06-11
`0.8.10-dev.202606110941.6cb149d`	High risk	76	2026-06-11
`0.8.10-dev.202606110755.6cb149d`	High risk	76	2026-06-11
`0.8.10-dev.202606110544.2aed335`	High risk	76	2026-06-11
`0.8.10-dev.202606110422.8c0e9aa`	High risk	76	2026-06-11
`0.8.10-dev.202606110317.792ac3c`	High risk	76	2026-06-11
`0.8.10-dev.202606110240.ef9212e`	High risk	76	2026-06-11
`0.8.10-dev.202606110112.319a8d3`	High risk	76	2026-06-11
`0.8.10-dev.202606110059.319a8d3`	High risk	76	2026-06-11
`0.8.10-dev.202606102342.319a8d3`	High risk	76	2026-06-11
`0.8.10-dev.202606102253.fbea648`	High risk	76	2026-06-10
`0.8.10-dev.202606102242.5285563`	High risk	76	2026-06-10
`0.8.10-dev.202606102225.a3947de`	High risk	76	2026-06-10
`0.8.10-dev.202606102147.02afd31`	High risk	76	2026-06-10
`0.8.10-dev.202606102100.3beeffc`	High risk	76	2026-06-10
`0.8.10-dev.202606101903.31e26e6`	High risk	76	2026-06-10
`0.8.10-dev.202606101714.d4b22de`	High risk	76	2026-06-10
`0.8.10-dev.202606101514.1c52ced`	High risk	76	2026-06-10
`0.8.10-dev.202606101436.d73da44`	High risk	76	2026-06-10
`0.8.10-dev.202606101324.2fc90b3`	High risk	76	2026-06-10
`0.8.10-dev.202606101122.0de2aff`	High risk	76	2026-06-10
`0.8.10-dev.202606100925.28c1cfb`	High risk	76	2026-06-10
`0.8.10-dev.202606100742.99a7fab`	High risk	76	2026-06-10
`0.8.10-dev.202606100317.c8b43c8`	High risk	76	2026-06-10
`0.8.10-dev.202606100110.1d2c8c4`	High risk	76	2026-06-10
`0.8.10-dev.202606092334.09948c8`	High risk	76	2026-06-10
`0.8.10-dev.202606092238.d04fd59`	High risk	76	2026-06-10
`0.8.10`	High risk	76	2026-06-10
`0.8.9-dev.202606092139.1f3b646`	High risk	76	2026-06-10
`0.8.9-dev.202606092047.e63da55`	High risk	76	2026-06-10
`0.8.10-staging.1`	High risk	76	2026-06-10
`0.8.9-dev.202606091946.122706e`	High risk	76	2026-06-10
`0.8.9-dev.202606091926.ebb2d62`	High risk	76	2026-06-10
`0.8.9-dev.202606091853.fbaa2ae`	High risk	76	2026-06-10
`0.8.9`	High risk	76	2026-06-10
`0.8.8-dev.202606091702.2771079`	High risk	76	2026-06-10
`0.8.9-staging.5`	High risk	76	2026-06-10
`0.8.8-dev.202606091516.3c27beb`	High risk	76	2026-06-10
`0.8.8-dev.202606091311.113d87f`	High risk	76	2026-06-10
`0.8.9-staging.4`	High risk	76	2026-06-10
`0.8.8-dev.202606090339.ad6ec5a`	High risk	76	2026-06-10
`0.8.8-dev.202606090318.74794fe`	High risk	76	2026-06-10
`0.8.8-dev.202606090227.d9f1d29`	High risk	76	2026-06-10
`0.8.8-dev.202606090218.6bcb462`	High risk	76	2026-06-10
`0.8.8-dev.202606082331.c911d0c`	High risk	76	2026-06-10
`0.8.8-dev.202606090104.b75d235`	High risk	76	2026-06-10
`0.8.8-dev.202606082236.8dbacc9`	High risk	76	2026-06-10
`0.8.9-staging.3`	High risk	76	2026-06-10
`0.8.8-dev.202606082140.a5125fe`	High risk	76	2026-06-10
`0.8.8-dev.202606082058.447e3b6`	High risk	76	2026-06-10
`0.8.8-dev.202606081950.5bd40e7`	High risk	76	2026-06-10
`0.8.8-dev.202606081859.f7bdc00`	High risk	76	2026-06-10
`0.8.8-dev.202606081714.5590368`	High risk	76	2026-06-10
`0.8.9-staging.2`	High risk	76	2026-06-10
`0.8.8-dev.202606081515.c77a9b6`	High risk	76	2026-06-10
`0.8.8-dev.202606081339.938c6ec`	High risk	76	2026-06-10
`0.8.9-staging.1`	High risk	76	2026-06-10
`0.8.8-dev.202606081143.f600053`	High risk	76	2026-06-10
`0.8.8-dev.202606080544.8b7fbff`	High risk	76	2026-06-10
`0.8.8-dev.202606080320.8b7fbff`	High risk	76	2026-06-10
`0.8.8-dev.202606080112.5f6d567`	High risk	76	2026-06-10
`0.8.8-dev.202606080009.0babb76`	High risk	76	2026-06-10
`0.8.8-dev.202606072328.6710d73`	High risk	76	2026-06-10
`0.8.8-dev.202606072131.4817a81`	High risk	76	2026-06-10
`0.8.8-dev.202606072033.0e97ff6`	High risk	76	2026-06-10
`0.8.8-dev.202606071935.547b6d2`	High risk	76	2026-06-10
`0.8.8-dev.202606071835.08695c1`	High risk	76	2026-06-10
`0.8.8-dev.202606071734.db66b83`	High risk	76	2026-06-10
`0.8.8-dev.202606071535.f449fc1`	High risk	76	2026-06-10
`0.8.8-dev.202606071441.cfe7f13`	High risk	76	2026-06-10
`0.8.8-dev.202606071338.2b9914e`	High risk	76	2026-06-10
`0.8.8-dev.202606071242.4ca7f3b`	High risk	76	2026-06-10
`0.8.8-dev.202606071138.c258385`	High risk	76	2026-06-10
`0.8.8-dev.202606071051.c258385`	High risk	76	2026-06-10
`0.8.8-dev.202606070049.ca91213`	High risk	76	2026-06-10
`0.8.8-dev.202606062128.ca91213`	High risk	76	2026-06-10
`0.8.8-dev.202606062031.571ee14`	High risk	76	2026-06-10
`0.8.8-dev.202606061935.99a472f`	High risk	76	2026-06-10
`0.8.8-dev.202606061835.dc283b1`	High risk	76	2026-06-10
`0.8.8-dev.202606061731.f1025b0`	High risk	76	2026-06-10
`0.8.8-dev.202606061714.60a1761`	High risk	76	2026-06-10
`0.8.8-dev.202606061701.9ee494c`	High risk	76	2026-06-10
`0.8.8-dev.202606061631.10cd5fe`	High risk	76	2026-06-10
`0.8.8-dev.202606061533.1a66375`	High risk	76	2026-06-10
`0.8.8-dev.202606061135.a446a08`	High risk	76	2026-06-10
`0.8.8-dev.202606061043.373bc8f`	High risk	76	2026-06-10
`0.8.8-dev.202606060043.60454ad`	High risk	76	2026-06-10
`0.8.8-dev.202606060901.61e1660`	High risk	76	2026-06-10
`0.8.8-dev.202606052332.17fc8ea`	High risk	76	2026-06-10
`0.8.8`	High risk	76	2026-06-10
`0.8.7-dev.202606052232.2ddc989`	High risk	76	2026-06-10
`0.8.7-dev.202606052220.6efc86d`	High risk	76	2026-06-10
`0.8.7-dev.202606052135.3e62c5a`	High risk	76	2026-06-10
`0.8.7-dev.202606052118.34cd356`	High risk	76	2026-06-10
`0.8.10-dev.202606100540.99a7fab`	High risk	76	2026-06-10
`0.8.7`	Review	36	2026-06-03
`0.8.6`	Review	36	2026-05-29
`0.8.4`	Review	41	2026-05-27
`0.8.5`	Review	41	2026-05-27

Block this in CI

PkgRadar gates @vellumai/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vellumai/[email protected]

Start free — 25 scans / mo View full evidence