registry  /  @vite-tab/tabui  /  7.15.16

@vite-tab/tabui@7.15.16

Native-ESM powered web dev build tool

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Running the exported `vite` executable evaluates an opaque, self-decoding payload appended to the CLI. The payload constructs and invokes hidden code rather than serving Vite functionality.

Static reason
High-risk behavior combination matched malicious policy.; source fingerprint signature matched known malicious package; routed for review
Trigger
User or tool invokes the package's `vite` bin.
Impact
Arbitrary attacker-controlled behavior can run with the invoking user's Node permissions.
Mechanism
Obfuscated constructor-based dynamic payload execution.
Attack narrative
The package replaces the expected CLI-only behavior with a hidden payload appended after the normal Vite bootstrap. On every `vite` invocation, that code reconstructs `constructor`, dynamically creates functions from encoded strings, and invokes the final hidden function. This is deliberate opaque execution in a developer tool entrypoint and is not explained by the package's stated build-tool purpose.
Rationale
Direct source inspection confirms an automatically executed, obfuscated dynamic-code loader in the public CLI entrypoint. Although it is not install-time, its concealed execution path is concrete malicious behavior.
Evidence
bin/vite.jspackage.json

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `bin/vite.js` appends a 7.5KB obfuscated payload after the normal CLI.
  • The appended code decodes `constructor`, builds a function from hidden strings, and invokes it during module evaluation.
  • The payload aliases `require`, `module`, `__dirname`, and `__filename` onto globals before executing.
  • The `vite` bin is exposed by `package.json`, so any `vite` CLI invocation triggers the hidden payload.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • The visible prefix of `bin/vite.js` is a normal Vite CLI bootstrap.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 2.81 MB of source, external domains: bugs.chromium.org, caniuse.com, developer.mozilla.org, dotenvx.com, ecma-international.org, eev.ee, en.wikipedia.org, example.com, foo.com, git-lfs.github.com, git.io, github.com, html.spec.whatwg.org, jquery.org, learn.microsoft.com, lodash.com, mathiasbynens.be, msdn.microsoft.com, nx.dev, pnpm.io, qntm.org, rollupjs.org, rushjs.io, stackoverflow.com, underscorejs.org, vitejs.dev, www.ibm.com, www.w3.org, yaml.org

Source & flagged code

10 flagged · loading source
dist/node/chunks/dep-Cy9twKMn.jsView file
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17Trigger-reachable chain: manifest.main -> dist/node/index.js -> dist/node/chunks/dep-Cy9twKMn.js L17: import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http';
High
Child Process

Package source references child process execution.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
45119.execSync( L45120: 'powershell -NoProfile -Command "Get-CimInstance -Query \\"select executablepath from win32_process where executablepath is not null\\" | % { $_.ExecutablePath }"', L45121: {
High
Shell

Package source references shell execution.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L45119
17558function evalValue(rawValue) { L17559: const fn = new Function(` L17560: var console, exports, global, module, process, require
High
Eval

Package source references dynamic code evaluation.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17558
matchType = malicious_source_fingerprint_signature signature = b0725d999df74840 signatureType = suspicious_hashes sourceLabel = OpenSSF malicious-packages matchedPackage = @vite-tab/tab@5.7.0 matchedPath = dist/node/chunks/dep-Cy9twKMn.js matchedIdentity = npm:QHZpdGUtdGFiL3RhYg:5.7.0 similarity = 1.000 shingleOverlap = 13 summary = Malicious code in @vite-tab/tab (npm)
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg
17import { StringDecoder } from 'node:string_decoder'; L18: import { exec, execSync } from 'node:child_process'; L19: import { createServer as createServer$3, STATUS_CODES, get as get$2 } from 'node:http'; L20: import { createServer as createServer$2, get as get$1 } from 'node:https'; ... L30: import { createHash as createHash$2 } from 'node:crypto'; L31: import { promises } from 'node:dns'; L32: import require$$3$1 from 'crypto'; ... L52: const __filename = __cjs_fileURLToPath(import.meta.url); L53: const __dirname = __cjs_dirname(__filename); L54: const require = __cjs_createRequire(import.meta.url); ... L93: let argv = process.argv || [], L94: env$1 = process.env;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/node/chunks/dep-Cy9twKMn.jsView on unpkg · L17
dist/node/runtime.jsView file
911} L912: processImport(exports, fetchResult, metadata) { L913: if (!("externalize" in fetchResult))
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/node/runtime.jsView on unpkg · L911
bin/vite.jsView file
61start() L62: }; ...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/vite.jsView on unpkg · L61

Findings

3 Critical5 High4 Medium7 Low
CriticalCredential Exfiltrationdist/node/chunks/dep-Cy9twKMn.js
CriticalRemote Asset Decode Executedist/node/chunks/dep-Cy9twKMn.js
CriticalTrigger Reachable Dangerous Capabilitydist/node/chunks/dep-Cy9twKMn.js
HighChild Processdist/node/chunks/dep-Cy9twKMn.js
HighShelldist/node/chunks/dep-Cy9twKMn.js
HighEvaldist/node/chunks/dep-Cy9twKMn.js
HighObfuscated Payload Loaderbin/vite.js
HighKnown Malware Source Fingerprint Signaturedist/node/chunks/dep-Cy9twKMn.js
MediumDynamic Requiredist/node/runtime.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/node/chunks/dep-Cy9twKMn.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings