registry  /  @radivi-ui/react-dialog  /  1.1.3

@radivi-ui/react-dialog@1.1.3

to help on react part

AI Security Review

scanned 3h ago · by lpm-firewall-ai

`index.js` executes at module load, runs local commands, and exfiltrates their output through DNS and HTTP. The code is unrelated to the declared React dialog package.

Static reason
No blocking static signals were detected.
Trigger
Requiring/importing the package entrypoint or running `npm start`.
Impact
Leaks host identity information to a third-party collaborator endpoint and establishes a malicious runtime execution path.
Mechanism
Import-time command execution with DNS/HTTP exfiltration.
Attack narrative
The declared entrypoint `index.js` immediately invokes code that executes `whoami` and `hostname`. It encodes each result and performs DNS resolution plus an HTTP request to a Burp Collaborator domain, deliberately transmitting local command output. No install hook is needed because requiring the package triggers the behavior.
Rationale
Direct source inspection confirms import-time local command execution and intentional out-of-band exfiltration to a non-package endpoint. This is concrete malicious behavior, not a benign React UI implementation.
Evidence
package.jsonindex.js
Network endpoints1
fexxej4o07ba7nbvi82ucsw4xv3mref3.oastify.com

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` imports `child_process.execSync`, DNS, and HTTP modules.
  • Importing `index.js` immediately runs an async main routine.
  • The routine executes `whoami` and `hostname` locally.
  • Command output is hex-encoded into a DNS subdomain and sent outward.
  • It also issues HTTP requests to a Burp Collaborator host.
  • The package purpose and contents do not implement a React dialog.
Evidence against
  • `package.json` contains no npm lifecycle install hooks.
  • Observed commands are limited to identity and hostname probes.
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 1 file(s), 2.68 KB of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

6 High1 Medium3 Low
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
MediumNetwork
LowScripts Present
LowHigh Entropy Strings
LowNo License