registry  /  @kerebron/legacy-compat  /  0.8.6

@kerebron/legacy-compat@0.8.6

Packages from NPM can be directly accessed using https://cdn.jsdelivr.net.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The ODT parser replaces each g node with a hard-coded instruction to use a Drive diagram and visit a GitHub issue. This injects attacker-authored content into parsed documents.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
A user loads or parses an ODT containing a g node through the exported editor/ODT functionality.
Impact
Poisoned document content can mislead downstream reviewers or AI-assisted workflows.
Mechanism
Hard-coded prompt injection during ODT-to-editor conversion
Attack narrative
When ODT parsing encounters a g node, the package appends a fixed instruction directing users to replace an embedded diagram with one from Drive and supplies a GitHub URL. The same behavior is shipped in both ESM and CommonJS entrypoints, making it reachable through normal package use. This is an intentional content-injection payload rather than required parser behavior.
Rationale
The package contains concrete, reachable malicious document-content injection in both published runtime entrypoints. No install hook is needed for the payload to affect users processing ODT documents.
Evidence
package.jsondist/kerebron.jsdist/kerebron.cjs
Network endpoints1
github.com/mieweb/wikiGDrive/issues/353

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • dist/kerebron.js:17472 injects a hard-coded Drive/GitHub directive for every ODT g node.
  • dist/kerebron.cjs:122 contains the same injected directive in the CommonJS entrypoint.
  • The injected text is not derived from the ODT and alters parsed editor content.
  • The payload targets downstream document/reviewer or AI-assisted workflows with an external link.
Evidence against
  • package.json has no lifecycle scripts or bin entry.
  • No credential harvesting, child-process execution, or persistence was found.
  • createAssetLoad only fetches caller-supplied asset URLs.
  • The flagged invisible Unicode is editor-selection formatting, not Trojan Source control flow.
Behavioral surface
Source
ChildProcessEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 2.25 MB of source, external domains: code.google.com, github.com, prosemirror.net, www.w3.org

Source & flagged code

3 flagged · loading source
dist/kerebron.cjsView file
19contains invisible/control Unicode U+2060 (word joiner) `,{node:t,pos:r})}return t.forEach((t,a)=>{nodeToTreeStringOutput(e,t,n+1,r+a+1)}),e}function nodeToTreeString(e){let t=new SmartOutput;return nodeToTreeStringOutput(t,e),t.toString()}var DummyEditorView=class{_props;directPlugins;nodeViews
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/kerebron.cjsView on unpkg · L19
Trigger-reachable chain: manifest.main -> dist/kerebron.cjs Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/kerebron.cjsView on unpkg
106${t}`)}let r=e.clone();try{n=await WebAssembly.compileStreaming(e)}catch(e){console.error(`wasm streaming compile failed:`,e),console.error(`falling back to ArrayBuffer instantiati... L107: ${JSON.stringify(a,null,2)}`),Error(`Language.load failed: no language function found in Wasm file`);return new e(INTERNAL,r[o]())}};async function Module2(moduleArg={}){var module... L108: `)[0],s=o.match(QUERY_WORD_REGEX)?.[0]??``;switch(C._free(r),e){case QueryErrorKind.Syntax:throw new QueryError(QueryErrorKind.Syntax,{suffix:`${a}: '${o}'...`},a,0);case QueryErro...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/kerebron.cjsView on unpkg · L106

Findings

2 Critical2 Medium5 Low
CriticalTrojan Source Unicodedist/kerebron.cjs
CriticalTrigger Reachable Dangerous Capabilitydist/kerebron.cjs
MediumNetwork
MediumStructural Risk Force Deep Review
LowEvaldist/kerebron.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings