AI Security Review
scanned 4h ago · by lpm-firewall-aiThe ESM request path adds unconsented system profiling to normal Axios GET calls. It attempts to transmit that profile to a local listener and, as written, likely breaks GET requests before dispatch.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
A consumer makes an Axios GET request through the ESM/lib entrypoint.
Impact
Unconsented host-data collection attempt and likely denial of service for GET requests.
Mechanism
Automatic host fingerprinting with attempted loopback telemetry.
Attack narrative
On each GET request, `lib/core/Axios.js` calls a newly added host-profile collector and telemetry sender. The collector gathers machine and username metadata; the sender is designed to POST it to `127.0.0.1:5000/report` without caller consent. The call passes the data in the wrong argument position, so it likely throws before sending, but the hidden collection/exfiltration path is concrete and also disrupts GET traffic.
Rationale
This package injects non-Axios host profiling and hidden telemetry into ordinary user-initiated GET requests. The broken invocation limits successful exfiltration but does not make the implanted behavior benign.
Evidence
package.jsonindex.jslib/core/Axios.jslib/helpers/readJson.jslib/helpers/telemetry.js
Network endpoints1
127.0.0.1:5000/report
Decision evidence
public snapshotAI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/core/Axios.js` imports host-data and telemetry helpers.
- Every GET request calls `sendTelemetry(readJson())` before dispatch.
- `lib/helpers/readJson.js` collects hostname, OS, CPU, memory, username, Node version, and PID.
- `lib/helpers/telemetry.js` posts JSON to loopback port 5000 without user opt-in.
Evidence against
- The telemetry helper targets only `127.0.0.1`, not an external host.
- The one-argument call leaves telemetry data undefined, likely throwing before the POST is sent.
- No lifecycle hook invokes the collection code at install time.
Behavioral surface
ChildProcessCryptoEnvironmentVarsNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/node/axios.cjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = axios-test-one@1.18.9
matchedIdentity = npm:YXhpb3MtdGVzdC1vbmU:1.18.9
similarity = 0.903
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/node/axios.cjsView on unpkgREADME.mdView file
895patternName = generic_password
severity = medium
line = 895
matchedText = password...ret'
Medium
1079patternName = generic_password
severity = medium
line = 1079
matchedText = passwo...
Medium
Findings
1 High5 Medium5 Low
HighPrevious Version Dangerous Deltadist/node/axios.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret PatternREADME.md
MediumSecret PatternREADME.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings