registry  /  chai-as-balanced  /  2.2.3

chai-as-balanced@2.2.3

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Runtime package use launches or imports a remote payload loader. The loader retrieves JavaScript from jsonstorage and executes it with access to CommonJS `require`.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Calling the exported middleware from index.js, or importing lib/transport.js.
Impact
Arbitrary remote code execution in the consumer environment under the package user's privileges.
Mechanism
detached child process plus remote code fetch and Function execution
Attack narrative
A consumer imports chai-as-balanced and calls the exported middleware. index.js starts a detached Node process running lib/caller.js. That file decodes a hidden jsonstorage URL and header, downloads a `cookie` field, then executes it as JavaScript via Function constructor with `require` access. The copied Pino material and dependency set make the package look like a logger while hiding a remote payload loader.
Rationale
Direct source inspection confirms remote payload execution from an obfuscated endpoint on runtime activation, which is concrete malicious behavior. Lack of install hooks limits trigger timing but does not reduce the arbitrary code execution impact.
Evidence
package.jsonindex.jslib/caller.jslib/transport.jsREADME.md
Network endpoints1
api.jsonstorage.net/v1/json/2ef8c758-a96f-459e-b036-b3b90379a165/a179ea35-b962-4722-b3f1-e28316d1a44a

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10040
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in chai-as-balanced (npm)
Details
chai-as-balanced is a typosquat of chai-as-promised (also impersonating pino via README/badges/exports) that ships a remote code execution dropper. lib/const.js defines a fake process.env object whose DEV_API_KEY value is a base64-encoded URL to api.jsonstorage.net (an anonymous, attacker-mutable JSON storage service). lib/caller.js base64-decodes that URL, GETs the JSON blob using an obfuscated x-secret-key header, extracts the `cookie` field, and executes it via `new Function.constructor('require', s)(require)` — granting the fetched payload full Node privileges and access to the real `require`. index.js triggers this by spawning lib/caller.js as a detached, stdio-ignored child with `child.unref()`, so the dropper runs in the background and outlives the parent invocation, concealing execution from the caller. Because the payload source is anonymous and mutable, the executed code can change at any time without a new package release. Installers who mistype `chai-as-promised` as `chai-as-balanced` and invoke the exported middleware receive arbitrary attacker-controlled code execution.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json main is index.js and declares axios/request/sqlite3 despite plugin-style README mismatch.
  • index.js exports middleware that spawns detached `node ./lib/caller.js` when invoked.
  • lib/caller.js decodes an obfuscated jsonstorage URL and secret header values.
  • lib/caller.js fetches `.data.cookie` from the remote endpoint and executes it with `new Function.constructor("require", s)`.
  • lib/transport.js also requires `./caller`, causing the same file to run on that import path.
  • Package appears to contain copied Pino docs/code while published as chai-as-balanced.
Evidence against
  • No npm preinstall/install/postinstall lifecycle scripts in package.json.
  • No source inspection evidence of local file writes or explicit credential harvesting before the remote payload executes.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 52.6 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
lib/caller.jsView file
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function loadCallers(..._args) { L13: const src = atob(process.env.DEV_API_KEY); L14: const k = atob(process.env.DEV_SECRET_KEY);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/caller.jsView on unpkg · L2
index.jsView file
matchType = malicious_source_fingerprint_signature signature = 306e52008bef5331 signatureType = suspicious_hashes sourceLabel = OpenSSF malicious-packages matchedPackage = chai-as-synced@6.0.3 matchedPath = index.js matchedIdentity = npm:Y2hhaS1hcy1zeW5jZWQ:6.0.3 similarity = 1.000 shingleOverlap = 12 summary = Malicious code in chai-as-synced (npm)
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

3 High3 Medium3 Low
HighEval
HighBase64 Obscured Urllib/caller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings