registry  /  chai-as-hardened  /  7.0.9

chai-as-hardened@7.0.9

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Invoking the exported middleware starts a detached background Node process. That process downloads server-controlled JavaScript and executes it in the consumer application's Node context.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Consumer invokes the package's exported middleware.
Impact
Unconsented remote code execution, enabling arbitrary process, filesystem, and network actions chosen by the payload server.
Mechanism
Detached remote payload download followed by dynamic code execution.
Attack narrative
`index.js` launches `lib/initializeCaller.js` as an unobserved detached child when its exported middleware is invoked. The child decodes a hidden endpoint, retrieves a response field named `cookie`, compiles it with `Function.constructor`, and runs it with access to `require`. This is a staged remote-code-execution loader with no package-aligned functionality.
Rationale
Direct source inspection confirms an active remote payload loader rather than a benign network client. Its detached execution and server-controlled dynamic code establish a concrete malicious chain.
Evidence
package.jsonindex.jslib/initializeCaller.jsREADME.md
Network endpoints1
tomato-brunhilda-40.tiiny.site/index.json

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` exports middleware that spawns a detached Node child.
  • `lib/initializeCaller.js` Base64-decodes a remote HTTP endpoint.
  • The child fetches `data.cookie` from that endpoint with Axios.
  • `lib/initializeCaller.js` passes the response to `Function.constructor` and executes it with `require`.
  • The package metadata and README impersonate unrelated Pino/Chai functionality while entry code is a remote loader.
Evidence against
  • `package.json` contains no npm lifecycle hooks.
  • No source-confirmed credential harvesting or filesystem destruction was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 52.9 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
lib/initializeCaller.jsView file
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
index.jsView file
matchType = malicious_source_fingerprint_signature signature = 306e52008bef5331 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chai-as-verified@7.1.5 matchedPath = index.js matchedIdentity = npm:Y2hhaS1hcy12ZXJpZmllZA:7.1.5 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

3 High3 Medium3 Low
HighEval
HighBase64 Obscured Urllib/initializeCaller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings