PkgRadar

npm · registry.npmjs.org

wml-core

DNS / OAST exfiltration: matched "dns.resolve"

Why PkgRadar flagged 99.0.1

SeveritySignalEvidence
highDNS / OAST exfiltrationmatched "dns.resolve" · package/poc.js
highInstall Lifecycle Remote Or Execpreinstall="node poc.js || true" · package.json
highInstall Lifecycle Suppresses Failurepreinstall="node poc.js || true" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
99.0.1High risk852026-05-25

Block this in CI

PkgRadar gates wml-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence