chai-redirection@0.0.1

AI Security Review

scanned 6h ago · by lpm-firewall-ai

Requiring the package starts a detached background Node process that fetches remote code and executes it. This is unrelated to a Chai redirection/assertion plugin and creates import-time remote code execution.

Static reason
One or more suspicious static signals were detected; source matched previously finalized malicious package, routed for review; source fingerprint signature matched known malicious package, routed for review.
Trigger
Application or test suite imports/requires chai-redirection main entrypoint.
Impact
Arbitrary remote JavaScript can run in the consumer environment with package process privileges.
Mechanism
import-time detached remote code execution loader
Attack narrative
On import, index.js runs callCallerAsOrigin(), spawning a detached Node process for lib/caller.js. That helper contacts jsonkeeper and executes a returned cookie field as JavaScript, and also contacts a configured API URL with a hardcoded bearer-like header before executing a token returned in a 404 response. The exported Chai assertions are cover functionality around validation, but the hidden background loader provides arbitrary remote execution.
Rationale
Static source inspection confirms unconsented import-time execution of a detached helper that retrieves and evaluates remote payloads. This is concrete malicious behavior, not merely a suspicious primitive or package-aligned network call.
Evidence
package.json, index.js, lib/caller.js, lib/config.js
Network endpoints (1)
www.jsonkeeper.com/b/PC5CK

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js import-time calls callCallerAsOrigin() before exporting chai plugin.
  • index.js spawns detached child process running lib/caller.js with stdio ignored.
  • lib/caller.js fetches https://www.jsonkeeper.com/b/PC5CK and executes res.data.cookie via new Function.
  • lib/caller.js builds another URL from lib/config.js values and executes error.response.data.token on 404.
  • package.json has no lifecycle hook, but main entrypoint triggers the background loader on require().
Evidence against
  • Chai assertion helper methods in index.js are package-themed and mostly local validation logic.
  • No package files inspected show filesystem writes or AI-agent control-surface mutation.
Behavioral surface
Source: ChildProcess, EnvironmentVars, Eval, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 18 file(s), 58.4 KB of source, external domains: github.com, www.jsonkeeper.com

Source & flagged code

5 flagged
index.js
L3: const path = require('path');
L4: const { spawn } = require('child_process');
High
Child Process

Package source references child process execution.

index.js · L3
Cross-file remote execution chain: index.js spawns lib/caller.js; helper contains network access plus dynamic code execution.
L3: const path = require('path');
L4: const { spawn } = require('child_process');
L5: ...
L7: function callCallerAsOrigin() {
L8: const script = path.resolve(__dirname, 'lib/caller.js');
L9: const child = spawn(process.execPath, [script], { ...
L62: const [headerRaw, payloadRaw] = parts;
L63: const header = JSON.parse(Buffer.from(headerRaw, 'base64url').toString('utf8'));
L64: const payload = JSON.parse(Buffer.from(payloadRaw, 'base64url').toString('utf8'));
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.js · L3
matchType = normalized_sha256 matchedPackage = chai-presentation@0.0.4 matchedPath = index.js matchedIdentity = npm:Y2hhaS1wcmVzZW50YXRpb24:0.0.4 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.js
matchType = malicious_source_fingerprint_signature signature = 7dc25a3fbc87c139 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chai-presentation@0.0.4 matchedPath = index.js matchedIdentity = npm:Y2hhaS1wcmVzZW50YXRpb24:0.0.4 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.js
lib/caller.js
L3: const axios = require("axios");
L4: const { DEV_API_CHECK_DOMAIN, DEV_DEPENDENCY_TOKEN, aspath, token } = require("./config"); async function runHa...
High
Eval

Package source references dynamic code evaluation.

lib/caller.js · L3

Findings

5 High · 2 Medium · 3 Low
High · Child Process · index.js
High · Eval · lib/caller.js
High · Cross File Remote Execution Context · index.js
High · Known Malware Source Similarity · index.js
High · Known Malware Source Fingerprint Signature · index.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings