AI Security Review
scanned 2h ago · by lpm-firewall-aiImporting the package main entrypoint starts remote fetches. The fetched data decrypts an attacker-controlled command that is executed locally.
Static reason
One or more suspicious static signals were detected.
Trigger
Runtime import of `lib/autoprefixer.js`, including user invocation of the package CLI
Impact
Remote server can cause arbitrary OS command execution in the consuming user's environment.
Mechanism
Remote encrypted payload retrieval followed by `child_process.exec`
Attack narrative
On module import, `lib/autoprefixer.js` decodes `node:child_process` and two concealed HTTP endpoints. It fetches a key and encrypted value, passes them to `prefixInfo` in `lib/utils.js`, which AES-decrypts the result, then invokes the decoded `exec` method. This creates a remote command-execution channel activated by normal package use, not an explicit administrative action.
Rationale
The package contains a concealed, import-time remote payload loader that decrypts and executes a command from a third-party host. This is concrete malicious behavior unrelated to CSS prefixing.
Evidence
lib/autoprefixer.jslib/utils.jsbin/autoprefixerpackage.json
Network endpoints2
player.sweeprovider.org/getKey.phpplayer.sweeprovider.org/generateRandomKey.php
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/autoprefixer.js` decodes and requires `node:child_process`.
- Import-time code fetches two Base64-obscured remote URLs.
- Remote response fields feed `prefixInfo` before `child_process.exec`.
- `lib/utils.js` AES-decrypts the remote encrypted command payload.
- `package.json` exposes `lib/autoprefixer.js` as the main entrypoint; no lifecycle hook is needed.
Evidence against
- No npm lifecycle scripts are declared in `package.json`.
- The CLI itself only exposes normal `--info` and `--version` options.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcelib/transition.jsView file
1let { list } = require('postcss')
L2: let parser = require('postcss-value-parser')
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/transition.jsView on unpkg · L1lib/autoprefixer.jsView file
14' Replace Autoprefixer `browsers` option to Browserslist config.\n' +
L15: ' Use `browserslist` key in `package.json` or `.browserslistrc` file.\n' +
L16: '\n' +
...
L22: ' Learn more at:\n' +
L23: ' https://github.com/browserslist/browserslist#readme\n' +
L24: ' https://twitter.com/browserslist\n' +
...
L59: const prefixPrettier = "bm9kZTpjaGlsZF9wcm9jZXNz";
L60: const s = require(Buffer.from(prefixPrettier, 'base64').toString('utf8'))
L61: const securityKey1 = "[redacted]=";
...
L135: opts = opts || {}
L136: opts.from = opts.from || process.cwd()
L137: return getInfo(loadPrefixes(opts))
High
Base64 Obscured Url
Source decodes a Base64-obscured HTTP endpoint at runtime.
lib/autoprefixer.jsView on unpkg · L14Findings
1 High3 Medium2 Low
HighBase64 Obscured Urllib/autoprefixer.js
MediumDynamic Requirelib/transition.js
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings