PkgRadar

npm · registry.npmjs.org

sic-security

DNS / OAST exfiltration: matched "burpcollaborator.net"

Why PkgRadar flagged 6.0.1

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · package/hexstrike_server.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 6.0.1 | High risk | 30 | 2026-06-06 |
| 6.0.0 | High risk | 30 | 2026-06-06 |

Block this in CI

PkgRadar gates sic-security (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]