
chai-presentation@0.0.4

Chai Presentation

AI Security Review

scanned 13h ago · by lpm-firewall-ai

The package has confirmed import-time malware behavior. Requiring the main module launches a detached Node helper that fetches remote code and executes it.

Static reason
One or more suspicious static signals were detected.
Trigger
runtime import of index.js via require/use as Chai plugin
Impact
Remote operator can execute arbitrary Node.js code in the consumer environment when the package is imported.
Mechanism
detached child process with remote JavaScript fetch and dynamic execution
Attack narrative
On import, index.js immediately calls callCallerAsOrigin(), spawning lib/caller.js as a detached child process and unrefing it. The child fetches remote content from jsonkeeper and executes a response field with new Function, and also contacts a config-derived endpoint with a token-like header, executing returned token code on a 404 path. This is unconsented remote code execution outside the advertised Chai assertion functionality.
Rationale
Source inspection confirms import-time detached execution and network-loaded JavaScript execution unrelated to a Chai assertion plugin. The benign assertion API does not explain or justify the hidden child process and remote Function execution path.
Evidence
index.js, lib/caller.js, package.json
Network endpoints (1)
www.jsonkeeper.com/b/PC5CK

Decision evidence

public snapshot
AI called this Malicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js runs callCallerAsOrigin() at import time, spawning lib/caller.js detached with stdio ignored.
  • lib/caller.js fetches https://www.jsonkeeper.com/b/PC5CK and executes res.data.cookie via new Function.
  • lib/caller.js also builds a config-derived request and executes 404 response data.token via Function.constructor.
  • package.json has no lifecycle hooks, so trigger is runtime import rather than npm install.
Evidence against
  • Exported Chai assertion methods are benign validation helpers.
  • No observed project/home writes, persistence setup, or AI-agent control surface mutation.
Behavioral surface
Source: Child Process, Environment Vars, Eval, Network
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 18 file(s), 58.4 KB of source, external domains: github.com, www.jsonkeeper.com

Source & flagged code

4 flagged
index.js
L3: const path = require('path');
L4: const { spawn } = require('child_process');
L5:
High
Child Process

Package source references child process execution.

index.js · L3
Cross-file remote execution chain: index.js spawns lib/caller.js; helper contains network access plus dynamic code execution.
L3: const path = require('path');
L4: const { spawn } = require('child_process');
L5: ...
L7: function callCallerAsOrigin() {
L8:   const script = path.resolve(__dirname, 'lib/caller.js');
L9:   const child = spawn(process.execPath, [script], { ...
L62: const [headerRaw, payloadRaw] = parts;
L63: const header = JSON.parse(Buffer.from(headerRaw, 'base64url').toString('utf8'));
L64: const payload = JSON.parse(Buffer.from(payloadRaw, 'base64url').toString('utf8'));
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.js · L3
lib/caller.js
L3: const axios = require("axios");
L4: const { DEV_API_CHECK_DOMAIN, DEV_DEPENDENCY_TOKEN, aspath, token } = require("./config"); async function runHa...
L5:
High
Eval

Package source references dynamic code evaluation.

lib/caller.js · L3
README.md
L171: patternName = generic_password; severity = medium; line = 171; matchedText = password...23!"
Medium
Secret Pattern

Hardcoded password in README.md

README.md · L171

Findings

3 High · 3 Medium · 3 Low
High · Child Process · index.js
High · Eval · lib/caller.js
High · Cross File Remote Execution Context · index.js
Medium · Network
Medium · Environment Vars
Medium · Secret Pattern · README.md
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings