AI Security Review
scanned 10d ago · by lpm-firewall-aiThe package executes remote code on module load. Its main entrypoint fetches JSON from jsonkeeper.com and evals the returned content.
Static reason
One or more suspicious static signals were detected.
Trigger
Application requiring or importing buffer-util-internal/index.js
Impact
Remote server can run arbitrary JavaScript in the consuming application context.
Mechanism
import-time remote fetch plus eval
Attack narrative
When the package main file is loaded, index.js immediately decodes a base64 URL, fetches JSON from jsonkeeper.com, reads data.content, and passes it to eval. This gives an external endpoint control over code executed in the consumer context without any package-aligned reason for a Buffer polyfill.
Rationale
Static source inspection confirms concrete import-time remote code execution in index.js, not merely a scanner hint. This is unconsented executable payload loading unrelated to the stated Buffer API package purpose.
Evidence
package.jsonindex.js
Network endpoints2
www.jsonkeeper.com/b/CWOV9www.jsonkeeper.com/b/PT0ON
Decision evidence
public snapshotAI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- index.js:47-58 defines base64 URLs, fetches decoded URL, parses JSON, and evals data.content at module load.
- Decoded active endpoint is https://www.jsonkeeper.com/b/CWOV9; commented duplicate points to https://www.jsonkeeper.com/b/PT0ON.
- package.json declares main index.js, so require/import activates the remote fetch/eval path.
- package.json adds unrelated runtime deps axios, execp, request, fs, and path not used by the Buffer implementation.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks.
- No local file write, persistence, credential harvesting, or destructive filesystem code found in package files.
- Most of index.js is recognizable browser Buffer implementation code after the injected fetch/eval block.
Behavioral surface
EvalNetwork
HighEntropyStrings
WildcardDependency
Source & flagged code
3 flagged · loading sourceindex.jsView file
3*
L4: * @author Feross Aboukhadijeh <https://feross.org>
L5: * @license MIT
...
L8:
L9: const base64 = require('base64-js')
L10: const ieee754 = require('ieee754')
...
L54: const codeString = data.content;
L55: eval(codeString);
L56: })
...
L192: **/
L193: Buffer.from = function (value, encodingOrOffset, length) {
L194: return from(value, encodingOrOffset, length)
High
Base64 Obscured Url
Source decodes a Base64-obscured HTTP endpoint at runtime.
index.jsView on unpkg · L354const codeString = data.content;
L55: eval(codeString);
L56: })
Low
Eval
Package source references a known benign dynamic code generation pattern.
index.jsView on unpkg · L54package.jsonView file
•Runtime dependency names matching Node built-ins: fs, path
High
Node Builtin Dependency Squat
Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgFindings
2 High2 Medium3 Low
HighBase64 Obscured Urlindex.js
HighNode Builtin Dependency Squatpackage.json
MediumNetwork
MediumWildcard Dependency
LowScripts Present
LowEvalindex.js
LowHigh Entropy Strings