PkgRadar

npm · registry.npmjs.org

sbom-sentinel

Webhook Exfil Endpoint: matched "hooks.slack.com/services/"

Why PkgRadar flagged 0.7.0

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "hooks.slack.com/services/" · package/dist/init.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.7.0High risk402026-06-09
0.8.0High risk402026-06-09
0.8.1High risk402026-06-09
0.8.2High risk402026-06-09

Block this in CI

PkgRadar gates sbom-sentinel (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
sbom-sentinel — npm security scan | PkgRadar