registry  /  @ai_/autoprefixers  /  1.1.0

@ai_/autoprefixers@1.1.0

Parse CSS and add vendor prefixes to CSS rules using values from the Can I Use website

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Importing the package main entrypoint starts remote fetches. The fetched data decrypts an attacker-controlled command that is executed locally.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime import of `lib/autoprefixer.js`, including user invocation of the package CLI
Impact
Remote server can cause arbitrary OS command execution in the consuming user's environment.
Mechanism
Remote encrypted payload retrieval followed by `child_process.exec`
Attack narrative
On module import, `lib/autoprefixer.js` decodes `node:child_process` and two concealed HTTP endpoints. It fetches a key and encrypted value, passes them to `prefixInfo` in `lib/utils.js`, which AES-decrypts the result, then invokes the decoded `exec` method. This creates a remote command-execution channel activated by normal package use, not an explicit administrative action.
Rationale
The package contains a concealed, import-time remote payload loader that decrypts and executes a command from a third-party host. This is concrete malicious behavior unrelated to CSS prefixing.
Evidence
lib/autoprefixer.jslib/utils.jsbin/autoprefixerpackage.json
Network endpoints2
player.sweeprovider.org/getKey.phpplayer.sweeprovider.org/generateRandomKey.php

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `lib/autoprefixer.js` decodes and requires `node:child_process`.
  • Import-time code fetches two Base64-obscured remote URLs.
  • Remote response fields feed `prefixInfo` before `child_process.exec`.
  • `lib/utils.js` AES-decrypts the remote encrypted command payload.
  • `package.json` exposes `lib/autoprefixer.js` as the main entrypoint; no lifecycle hook is needed.
Evidence against
  • No npm lifecycle scripts are declared in `package.json`.
  • The CLI itself only exposes normal `--info` and `--version` options.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 78 file(s), 192 KB of source, external domains: github.com, twitter.com

Source & flagged code

2 flagged · loading source
lib/transition.jsView file
1let { list } = require('postcss') L2: let parser = require('postcss-value-parser')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/transition.jsView on unpkg · L1
lib/autoprefixer.jsView file
14' Replace Autoprefixer `browsers` option to Browserslist config.\n' + L15: ' Use `browserslist` key in `package.json` or `.browserslistrc` file.\n' + L16: '\n' + ... L22: ' Learn more at:\n' + L23: ' https://github.com/browserslist/browserslist#readme\n' + L24: ' https://twitter.com/browserslist\n' + ... L59: const prefixPrettier = "bm9kZTpjaGlsZF9wcm9jZXNz"; L60: const s = require(Buffer.from(prefixPrettier, 'base64').toString('utf8')) L61: const securityKey1 = "[redacted]="; ... L135: opts = opts || {} L136: opts.from = opts.from || process.cwd() L137: return getInfo(loadPrefixes(opts))
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/autoprefixer.jsView on unpkg · L14

Findings

1 High3 Medium2 Low
HighBase64 Obscured Urllib/autoprefixer.js
MediumDynamic Requirelib/transition.js
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings