Package evidence
pipeline-check==1.14.1
Webhook Exfil Endpoint: matched "webhook.site"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published: 24
- First published: Apr 2026
- Publisher: Daniel Martin
Recommended action
Block this update
Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
```bash
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["pipeline-check==1.14.1"],"fail_on":"high"}'
```
GitHub Actions step:
```yaml
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["pipeline-check==1.14.1"],"fail_on":"high"}'
```
Why flagged
What the scanner saw
Webhook Exfil Endpoint: matched "webhook.site"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 205 · status changed
Evidence
Static findings
83 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/_malicious.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/_primitives/remote_script_exec.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/_primitives/top_actions.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/aws/rules/cb011_malicious_buildspec.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/azure/rules/ado016_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/azure/rules/ado026_malicious_activity.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/bitbucket/rules/bb012_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/bitbucket/rules/bb025_malicious_activity.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/bitbucket/rules/bb030_npm_audit_signatures.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/circleci/rules/cc016_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/circleci/rules/cc026_malicious_activity.py | matched "webhook.site" | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/cloudbuild/rules/gcb027_malicious_activity.py | matched "webhook.site" | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/cloudformation/rules/cb011_malicious_buildspec.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/devenv/rules/dev007_mcp_command_server.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha016_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha027_malicious_activity.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha044_build_tool_ppe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha056_known_worm_indicators.py | matched "webhook.site" | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha057_secret_scanner_exfil.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha059_npm_audit_signatures.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl016_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Webhook Exfil Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl025_malicious_activity.py | matched "webhook.site" | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl034_npm_audit_signatures.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| high | Python Bun Js Exec | pipeline_check-1.14.1/pipeline_check/core/checks/jenkins/rules/jf016_curl_pipe.py | Python file references the Bun JavaScript runtime — cross-language execution | 40 |
| medium | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/pypi/rules/pypi006_compromised_package.py | matched "AWS_ACCESS_KEY" | 10 |
Showing 60 of 83 findings.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/cli.py | matched ".npmrc" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/autofix/_impl.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/chains/rules/ac001_fork_pr_credential_theft.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/chains/rules/ac003_unpinned_action_to_credentials.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/_malicious.py | matched "id_rsa" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/_patterns.py | matched "aws_access_key" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/_primitives/local_mock.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Messenger Bot Endpoint | pipeline_check-1.14.1/pipeline_check/core/checks/_primitives/secret_verifiers/telegram.py | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/argo/rules/argo006_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/aws/rules/iam007_key_age.py | matched ".aws/" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/azure/rules/ado003_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/azure/rules/ado014_aws_long_lived.py | matched "aws_access_key" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/bitbucket/rules/bb003_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/bitbucket/rules/bb011_aws_long_lived.py | matched "aws_access_key" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/buildkite/rules/bk002_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/circleci/rules/_helpers.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/circleci/rules/cc005_aws_long_lived.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/circleci/rules/cc008_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/cloudbuild/rules/gcb012_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/dockerfile/rules/df019_copy_credential_file.py | matched "id_rsa" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/dockerfile/rules/df024_npm_install_scripts_enabled.py | matched ".npmrc" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/dockerfile/rules/df025_npmrc_authtoken_in_layer.py | matched ".npmrc" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/drone/rules/dr004_literal_secret.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha005_aws_long_lived.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha008_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha028_shell_eval.py | matched ".aws/" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha050_publish_without_oidc.py | matched ".npmrc" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha057_secret_scanner_exfil.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha099_deploy_env_plaintext_secret.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/github/rules/gha105_self_hosted_untrusted_trigger.py | matched ".aws/" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl003_literal_secrets.py | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl013_aws_long_lived.py | matched "aws_access_key" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/gitlab/rules/gl050_publish_long_lived_token.py | matched ".npmrc" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/jenkins/rules/_helpers.py | matched "aws_access_key" | 5 |
| low | Credential file access | pipeline_check-1.14.1/pipeline_check/core/checks/jenkins/rules/jf004_aws_long_lived.py | matched "AWS_ACCESS_KEY" | 5 |