registry  /  async-chain-dom  /  1.3.5

async-chain-dom@1.3.5

Chain Dom

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Calling the package export launches a detached child process. That child fetches attacker-controlled JavaScript and executes it with Node's `require` capability.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Runtime invocation of the exported function from `index.js`
Impact
Remote operator can execute arbitrary JavaScript in the invoking user's environment.
Mechanism
Detached remote payload fetch followed by dynamic Node code execution
Attack narrative
On runtime use, `index.js` silently detaches a Node child running `lib/vcall.js`. The child retrieves a remotely hosted `model` field, compiles it dynamically with `Function.constructor`, and invokes it with `require`. This creates an unpinned, remotely controlled code-execution channel in the consumer environment; the eventual payload can read files, access credentials, execute commands, or exfiltrate data without any source update.
Rationale
The package implements a concrete remote code-execution loader rather than an aligned application feature. Absence of install hooks does not mitigate the runtime backdoor.
Evidence
index.jslib/vcall.jspackage.json.env
Network endpoints1
api.jsonsilo.com/public/df71fd55-4f0c-4326-9b5b-a285e38023a5

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` spawns detached `node lib/vcall.js` when its export is called.
  • `lib/vcall.js` downloads `data.model` from `https://api.jsonsilo.com/public/df71fd55-4f0c-4326-9b5b-a285e38023a5`.
  • `lib/vcall.js` compiles the downloaded string with `new Function.constructor("require", src)`.
  • The downloaded code is invoked with Node's `require`, enabling arbitrary package/runtime access.
  • The remote payload is retried up to five times, indicating deliberate reliable execution.
Evidence against
  • `package.json` contains no npm lifecycle scripts.
  • No credential harvesting or destructive action is directly present in the inspected static payload loader.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 51.6 KB of source, external domains: api.jsonsilo.com, github.com

Source & flagged code

3 flagged · loading source
2patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 1 L2: DEV_DEPENDENCY_TOKEN=<redacted:4 value>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L2
index.jsView file
matchType = malicious_source_fingerprint_signature signature = edfaf93641481f1b signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = notifier-funcs@1.3.4 matchedPath = index.js matchedIdentity = npm:bm90aWZpZXItZnVuY3M:1.3.4 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

1 Critical1 High3 Medium3 Low
CriticalCritical Secret.env
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings