Aikido Intel
Secure My Code
Package Health

phished/core

AUTHORIZED BUG BOUNTY DEPENDENCY-CONFUSION CANARY. This empty placeholder claims the previously-unowned 'phished/core' Composer namespace on the public Packagist registry to neutralise the dependency-confusion attack surface affecting phished.io's CI. Contains zero functional code. The post-install hook executes a single PHP gethostbyname() DNS lookup to a researcher-controlled OAST endpoint - no HTTP requests, no file reads, no shell execution, no data transmitted beyond an unattributable 8-char hash of the installing host's name. Authorised by phished.io bug bounty program. Contact: mdinjamulhaque1@gmail.com.

Latest 99.99.99PackagistPackagist

0%

Total Score

Dependencies
Dependencies
Evaluates the health and security of package dependencies

100

Maturity
Maturity
Indicates package age, release frequency, and adoption metrics

0

Supply Chain
Supply Chain
Evaluates supply chain security practices and risks

100

Are you affected? Scan for Free
Malware icon

Malware detected in 1 version

Latest:v99.99.99, detected 4 days ago

Package versions

Maintainers

Phished Bug Bounty Researcher

Direct Dependencies

No direct dependencies.

Weekly Downloads

Info

Last Published
4 days ago
Created
4 days ago

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done