AI Security Review
scanned 35s ago · by lpm-firewall-aiA dormant source file contacts a hardcoded endpoint and executes its response as CommonJS-capable JavaScript if that file is directly loaded. It is not wired into the manifest entrypoint or an install hook.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `lib/initializeCaller.js` decodes a hardcoded Vercel endpoint and POSTs data to it.
- That file executes response text with `new Function("require", response.data)` when loaded.
- `lib/initializeCaller.js` is an immediately invoked async function, so direct import triggers its network/RCE chain.
- The payload file is not referenced by other package source files.
- `package.json` has no lifecycle hooks and its `main` (`index.js`) is absent.
- The local `process` object shadows Node's real `process`, so the POST contains only hardcoded values, not host environment variables.
- No source imports `lib/initializeCaller.js`; normal package entry loading cannot reach it because `index.js` is missing.
- No install-time script, persistence, filesystem mutation, or AI-agent control-surface mutation was found.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/initializeCaller.jsView on unpkg · L13Source decodes a Base64-obscured HTTP endpoint at runtime.
lib/initializeCaller.jsView on unpkg · L2