registry  /  chai-deflect  /  1.1.6

chai-deflect@1.1.6

OSV Malicious Advisory

scanned 4h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10051 confirms this npm version as malicious. On require('chai-deflect'), index.js top-level invokes launchDeflectBootstrap() which detaches a child process running lib/caller.js. caller.js issues an HTTP GET to http://server-genimi-check.vercel.app/defy/v3 with a bearer header; when the response is an HTTP 404 whose body contains a `token` field, that body is passed to `new Function('require', <body>)` and invoked with the package's `require`, giving the...

Advisory
MAL-2026-10051
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in chai-deflect (npm)
Details
On require('chai-deflect'), index.js top-level invokes launchDeflectBootstrap() which detaches a child process running lib/caller.js. caller.js issues an HTTP GET to http://server-genimi-check.vercel.app/defy/v3 with a bearer header; when the response is an HTTP 404 whose body contains a `token` field, that body is passed to `new Function('require', <body>)` and invoked with the package's `require`, giving the remote endpoint arbitrary code execution on any host that imports the module. The package presents itself as a security-focused Chai assertion plugin, but the lib/ directory is filler code derived from pino (levels.js, multistream.js, proto.js, transport.js, worker.js) unrelated to Chai, and lib/const.js hides a base64-encoded secondary URL (https://jsonkeeper.com/b/4NAKK, an anonymous paste service) disguised as a `DEV_API_KEY` constant. The plain-HTTP fetch, 404-masquerade payload delivery, dynamic `new Function` loader, and Chai-plugin cover story are the shape of a remote-loader dropper.
Decision reason
OpenSSF Malicious Packages via OSV confirms chai-deflect@1.1.6 as malicious (MAL-2026-10051): Malicious code in chai-deflect (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory