npm · registry.npmjs.org
xarc-webpack-cli
DNS / OAST exfiltration: matched "oast.pro"
Why PkgRadar flagged 1.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "oast.pro" · package/poc.js |
| high | Install Lifecycle Suppresses Failure | preinstall="node poc.js || true" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.0.1-security | Low risk | 0 | 2026-06-01 |
1.0.0 | High risk | 55 | 2026-05-30 |
Related campaigns
- fais072 — 2 releases, max score 85
Block this in CI
pkgradar gate --ecosystem npm [email protected]