npm · registry.npmjs.org
fdb2
Webhook Exfil Endpoint: matched "ngrok.app"
Why PkgRadar flagged 1.0.24
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/node_modules/.pnpm/[email protected]/node_modules/psl/dist/psl.cjs |
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/node_modules/.pnpm/[email protected]/node_modules/psl/dist/psl.umd.cjs |
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/node_modules/.pnpm/[email protected]/node_modules/psl/data/rules.js |
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/node_modules/.pnpm/[email protected]/node_modules/psl/dist/psl.mjs |
| high | Credential File Packaged | package/bin/docker/.env · package/bin/docker/.env |
| medium | Remote Payload | matched "curl " · package/dist/node_modules/.pnpm/[email protected]/node_modules/better-sqlite3/deps/download.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.24 | High risk | 102 | 2026-06-03 |
1.0.22 | High risk | 35 | 2026-06-03 |
1.0.23 | High risk | 35 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]