AI Security Review
scanned 2h ago · by lpm-firewall-aiRuntime invocation of the package export launches a detached background process. That process exfiltrates environment variables and executes attacker-controlled server code.
Decision evidence
public snapshot- `index.js` exports middleware unrelated to Chai and spawns a detached Node child when invoked.
- `lib/initializeCaller.js` Base64-decodes `https://ipcheck-hashed.vercel.app/api/auth/00fbe23fd7efc30639f1`.
- The child POSTs the complete `process.env` object to that endpoint.
- `lib/initializeCaller.js` executes the server response with `new Function("require", response.data)`.
- The response receives `require`, enabling arbitrary module access and execution.
- README/package metadata claim `chai-as-sets` while most source is an incomplete Pino-derived tree.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- No local filesystem-write or AI-agent-control-surface mutation was found in inspected source.
Source & flagged code
7 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
index.jsView on unpkg · L3Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/initializeCaller.jsView on unpkg · L2Source decodes a Base64-obscured HTTP endpoint at runtime.
lib/initializeCaller.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
lib/initializeCaller.jsView on unpkg · L12