npm · registry.npmjs.org
ttspc-server-sample
DNS / OAST exfiltration: matched "burpcollaborator.net"
Why PkgRadar flagged 99.9.0
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 99.9.0 vs 9.0.1: "node index.js" · package.json |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · package/index.js |
| high | New Account With Lifecycle Hook | package first published 0 day(s) ago, 3 total version(s), has lifecycle hook · package.json |
| medium | Suspicious Publish Context | {"package_age_days":0,"publisher":"lobohunter","burst_same_day":2,"burst_week":2,"lure":null,"version_anomaly":true,"new_account":false} |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
99.9.0 | High risk | 85 | 2026-06-12 |
9.0.1 | Review | 10 | 2026-06-12 |
9.0.0 | High risk | 40 | 2026-06-12 |
Related campaigns
- lobohunter — 3 releases, max score 85
Block this in CI
pkgradar gate --ecosystem npm [email protected]