npm · registry.npmjs.org

patchwork-os

Webhook Exfil Endpoint: matched "ngrok-free.app"

Why PkgRadar flagged 0.2.0-beta.12.canary.230

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok-free.app" · package/dist/config.js
high	DNS / OAST exfiltration	matched "dig $DOMAIN)\"\n echo \" - Port 80 blocked\"\n echo \" Re-run manually: certbot --nginx -d $DOMAIN\"\n fi\nfi\n\n# ── 11. Start service ─────────────────────────────────────────────────────────\nsection \"Starting service\"\n\nsystemctl restart \"$SERVICE_NAME\"\n\necho -n \"Waiting for bridge...\"\nfor i in $(" · package/deploy/bootstrap-new-vps.sh
high	Install Lifecycle Suppresses Failure	postinstall="node scripts/postinstall.mjs \|\| true" · package.json
medium	Remote Payload	matched "raw.githubusercontent.com" · package/dist/recipeRoutes.js
medium	Remote Payload	matched "curl " · package/deploy/bootstrap-vps.sh
medium	Remote Payload	matched "curl " · package/deploy/install-vps-service.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.0-beta.12.canary.230`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.229`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.228`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.227`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.226`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.224`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.225`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.223`	High risk	39	2026-06-16
`0.2.0-beta.12.canary.222`	High risk	39	2026-06-13
`0.2.0-beta.12.canary.221`	High risk	39	2026-06-13
`0.2.0-beta.12.canary.220`	High risk	39	2026-06-13
`0.2.0-beta.12.canary.219`	High risk	39	2026-06-10
`0.2.0-beta.12.canary.218`	High risk	39	2026-06-10
`0.2.0-beta.12`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.215`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.216`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.213`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.212`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.211`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.210`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.209`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.206`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.207`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.205`	High risk	39	2026-06-10
`0.2.0-beta.11.canary.203`	Review	39	2026-06-09
`0.2.0-beta.11.canary.201`	Review	39	2026-06-09
`0.2.0-beta.11.canary.202`	Review	39	2026-06-09
`0.2.0-beta.11.canary.199`	Review	39	2026-06-09
`0.2.0-beta.11.canary.200`	Review	39	2026-06-09
`0.2.0-beta.11.canary.197`	Review	39	2026-06-09
`0.2.0-beta.11.canary.196`	Review	39	2026-06-09
`0.2.0-beta.11.canary.194`	Review	39	2026-06-09
`0.2.0-beta.11.canary.193`	Review	39	2026-06-09
`0.2.0-beta.11.canary.192`	Review	39	2026-06-09
`0.2.0-beta.11.canary.191`	Review	39	2026-06-09
`0.2.0-beta.11.canary.190`	Review	39	2026-06-09
`0.2.0-beta.11.canary.189`	Review	39	2026-06-08
`0.2.0-beta.11.canary.188`	Review	39	2026-06-07
`0.2.0-beta.11.canary.187`	Review	39	2026-06-07
`0.2.0-beta.11.canary.186`	Review	39	2026-06-07
`0.2.0-beta.11.canary.185`	Review	39	2026-06-07
`0.2.0-beta.11.canary.184`	Review	39	2026-06-07
`0.2.0-beta.11.canary.183`	Review	39	2026-06-07
`0.2.0-beta.11.canary.182`	Review	39	2026-06-07
`0.2.0-beta.11.canary.181`	Review	39	2026-06-07
`0.2.0-beta.11.canary.180`	Review	39	2026-06-07
`0.2.0-beta.11.canary.179`	Review	39	2026-06-07
`0.2.0-beta.11.canary.178`	Review	39	2026-06-07
`0.2.0-beta.11.canary.177`	Review	39	2026-06-07
`0.2.0-beta.11.canary.176`	Review	39	2026-06-07
`0.2.0-beta.11.canary.175`	Review	39	2026-06-07
`0.2.0-beta.11.canary.173`	Review	39	2026-06-07
`0.2.0-beta.11.canary.174`	Review	39	2026-06-07
`0.2.0-beta.11.canary.172`	Review	39	2026-06-07
`0.2.0-beta.11.canary.171`	Review	39	2026-06-06
`0.2.0-beta.11`	Review	39	2026-06-06
`0.2.0-beta.10.canary.169`	Review	39	2026-06-06
`0.2.0-beta.10.canary.168`	Review	39	2026-06-06
`0.2.0-beta.10.canary.167`	Review	39	2026-06-06
`0.2.0-beta.10.canary.166`	Review	39	2026-06-06
`0.2.0-beta.10.canary.164`	Review	39	2026-06-05
`0.2.0-beta.10.canary.165`	Review	39	2026-06-05
`0.2.0-beta.10.canary.162`	Review	39	2026-06-05
`0.2.0-beta.10.canary.161`	Review	39	2026-06-05
`0.2.0-beta.10.canary.160`	Review	39	2026-06-05
`0.2.0-beta.10.canary.158`	Review	39	2026-06-05
`0.2.0-beta.10.canary.159`	Review	39	2026-06-05
`0.2.0-beta.10.canary.156`	Review	39	2026-06-05
`0.2.0-beta.10.canary.157`	Review	39	2026-06-05
`0.2.0-beta.10.canary.155`	Review	39	2026-06-05
`0.2.0-beta.10.canary.153`	Review	39	2026-06-05
`0.2.0-beta.10.canary.152`	Review	39	2026-06-05
`0.2.0-beta.10.canary.151`	Review	39	2026-06-05
`0.2.0-beta.10.canary.150`	Review	39	2026-06-05
`0.2.0-beta.10.canary.149`	Review	39	2026-06-05
`0.2.0-beta.10.canary.148`	Review	39	2026-06-05
`0.2.0-beta.10.canary.147`	Review	39	2026-06-05
`0.2.0-beta.10.canary.146`	Review	39	2026-06-05
`0.2.0-beta.10.canary.144`	Review	39	2026-06-05
`0.2.0-beta.10.canary.145`	Review	39	2026-06-05
`0.2.0-beta.10.canary.143`	Review	39	2026-06-05
`0.2.0-beta.10.canary.142`	Review	39	2026-06-05
`0.2.0-beta.10.canary.140`	Review	39	2026-06-04
`0.2.0-beta.10.canary.141`	Review	39	2026-06-04
`0.2.0-beta.10.canary.128`	Review	39	2026-06-04
`0.2.0-beta.10.canary.129`	Review	39	2026-06-04
`0.2.0-beta.10.canary.126`	Review	39	2026-06-04
`0.2.0-beta.10.canary.127`	Review	39	2026-06-04
`0.2.0-beta.10.canary.124`	Review	39	2026-06-04
`0.2.0-beta.10.canary.125`	Review	39	2026-06-04
`0.2.0-beta.10.canary.123`	Review	39	2026-06-04
`0.2.0-beta.10.canary.122`	Review	39	2026-06-04
`0.2.0-beta.10.canary.121`	Review	39	2026-06-04
`0.2.0-beta.10.canary.120`	Review	39	2026-06-04
`0.2.0-beta.10.canary.118`	Review	39	2026-06-03
`0.2.0-beta.10.canary.119`	Review	39	2026-06-03
`0.2.0-beta.10.canary.111`	Review	39	2026-06-03
`0.2.0-beta.10.canary.112`	Review	39	2026-06-03
`0.2.0-beta.10.canary.106`	Review	39	2026-06-03
`0.2.0-beta.10.canary.107`	Review	39	2026-06-03
`0.2.0-beta.10.canary.103`	Review	39	2026-06-03
`0.2.0-beta.10.canary.101`	Review	39	2026-06-03
`0.2.0-beta.10.canary.100`	Review	39	2026-06-03
`0.2.0-beta.10.canary.99`	Review	39	2026-06-03
`0.2.0-beta.10.canary.98`	Review	39	2026-06-03
`0.2.0-beta.10.canary.97`	Review	39	2026-06-02
`0.2.0-beta.10.canary.96`	Review	39	2026-06-02
`0.2.0-beta.10.canary.95`	Review	39	2026-06-02
`0.2.0-beta.10`	Review	39	2026-06-02
`0.2.0-beta.9.canary.92`	Review	39	2026-06-02
`0.2.0-beta.9.canary.93`	Review	39	2026-06-02
`0.2.0-beta.9.canary.91`	Review	39	2026-06-02
`0.2.0-beta.9.canary.90`	Review	39	2026-06-02
`0.2.0-beta.9.canary.89`	Review	39	2026-05-31
`0.2.0-beta.9.canary.88`	Review	39	2026-05-31
`0.2.0-beta.9.canary.86`	Review	39	2026-05-29
`0.2.0-beta.9`	Review	39	2026-05-29
`0.2.0-beta.9.canary.84`	Review	39	2026-05-29
`0.2.0-beta.8.canary.77`	Review	67	2026-05-27
`0.2.0-beta.8.canary.78`	Review	67	2026-05-27
`0.2.0-beta.8.canary.69`	Review	67	2026-05-26
`0.2.0-beta.8.canary.70`	Review	67	2026-05-26
`0.2.0-beta.8.canary.61`	Review	224	2026-05-25
`0.2.0-beta.8.canary.60`	Review	184	2026-05-25
`0.2.0-beta.8.canary.59`	Review	184	2026-05-25
`0.2.0-beta.8.canary.57`	Review	265	2026-05-24
`0.2.0-beta.7.canary.55`	Review	265	2026-05-24
`0.2.0-beta.7.canary.54`	Review	265	2026-05-24
`0.2.0-beta.8`	Review	265	2026-05-24
`0.2.0-beta.7.canary.52`	Review	265	2026-05-24
`0.2.0-beta.7.canary.51`	Review	265	2026-05-24
`0.2.0-beta.7`	Review	265	2026-05-24

Block this in CI

PkgRadar gates patchwork-os (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence