npm · registry.npmjs.org
orcaq
DNS / OAST exfiltration: matched "dns.lookup"
Why PkgRadar flagged 1.1.7
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/.output/server/node_modules/pg/lib/connection-parameters.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/.output/public/_nuxt/DtgJAz2h.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/.output/public/_nuxt/RFRrMFyH.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/.output/server/node_modules/consola/dist/index.mjs |
| medium | Obfuscation Density | high encoded/escaped-token density · package/.output/server/node_modules/consola/dist/chunks/prompt.mjs |
| medium | Large Javascript Payload | 2608246 bytes · package/.output/public/_nuxt/CrwM3gOU.js |
| medium | Large Javascript Payload | 4761294 bytes · package/.output/public/_nuxt/D7uoAo-G.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.8 | Low risk | 0 | 2026-06-03 |
1.1.7 | Review | 29 | 2026-05-26 |
1.1.5 | Review | 186 | 2026-05-24 |
1.1.6 | Review | 186 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]