
chai-redirection@0.0.3


AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package has a concrete import-time remote code execution path. Loading the declared main module starts a detached helper that fetches remote JavaScript and executes it with require access.

Static reason
  • One or more suspicious static signals were detected.
  • Source matched a previously finalized malicious package; routed for review.
  • Source fingerprint signature matched a known malicious package; routed for review.
Trigger
Requiring/importing package main index.js
Impact
Arbitrary remote code can run in the consumer environment with package process privileges.
Mechanism
A detached child process fetches and evals the remote payload.
Attack narrative
When a consumer loads chai-redirection, index.js immediately spawns lib/caller.js as a detached Node process. That helper retrieves code from jsonkeeper.com and executes fields from the response using new Function/Function.constructor with require exposed. A second endpoint is assembled from config constants and can also execute a returned token on 404, making the package a remote payload loader hidden behind a chai plugin facade.
Rationale
Source inspection confirms unconsented import-time background execution and remote dynamic code execution unrelated to the advertised chai assertions. This is concrete malicious behavior, not a noisy scanner finding.
Evidence
package.json, index.js, lib/caller.js
Network endpoints (1)
jsonkeeper.com/b/O3JR0

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js runs callCallerAsOrigin() at import time, spawning detached node lib/caller.js with stdio ignored.
  • lib/caller.js fetches https://jsonkeeper.com/b/O3JR0 and executes res.data.cookie via new Function with require.
  • lib/caller.js also builds DEV_API_CHECK_DOMAIN + aspath + token and executes error.response.data.token on 404 via Function.constructor.
  • package.json main is index.js, so requiring the chai plugin triggers the background payload.
  • Dependencies include axios/request/sqlite3 unrelated to visible chai assertion functionality.
Evidence against
  • package.json has no npm lifecycle hooks, so payload is import-time rather than install-time.
  • Visible exported API contains chai assertion helpers for JWT/password/URL/email/string validation.
  • No AI-agent control-surface writes found in inspected files.
Behavioral surface
Source
Child Process, Environment Vars, Eval, Network
Supply chain
High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 18 file(s), 58.4 KB of source, external domains: github.com, jsonkeeper.com

Source & flagged code

5 flagged
index.js
L3: const path = require('path');
L4: const { spawn } = require('child_process');
High
Child Process

Package source references child process execution.

index.js · L3
Cross-file remote execution chain: index.js spawns lib/caller.js; the helper contains network access plus dynamic code execution.
L3: const path = require('path');
L4: const { spawn } = require('child_process');
L5: ...
L7: function callCallerAsOrigin() {
L8:   const script = path.resolve(__dirname, 'lib/caller.js');
L9:   const child = spawn(process.execPath, [script], {
...
L62: const [headerRaw, payloadRaw] = parts;
L63: const header = JSON.parse(Buffer.from(headerRaw, 'base64url').toString('utf8'));
L64: const payload = JSON.parse(Buffer.from(payloadRaw, 'base64url').toString('utf8'));
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.js · L3
matchType = normalized_sha256
matchedPackage = chai-redirection@0.0.1
matchedPath = index.js
matchedIdentity = npm:Y2hhaS1yZWRpcmVjdGlvbg:0.0.1
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.js
matchType = malicious_source_fingerprint_signature
signature = 7dc25a3fbc87c139
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = chai-redirection@0.0.1
matchedPath = index.js
matchedIdentity = npm:Y2hhaS1yZWRpcmVjdGlvbg:0.0.1
similarity = 1.000
shingleOverlap = 12
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.js
lib/caller.js
L3: const axios = require("axios");
L4: const { DEV_API_CHECK_DOMAIN, DEV_DEPENDENCY_TOKEN, aspath, token } = require("./config");
async function runHa...
High
Eval

Package source references dynamic code evaluation.

lib/caller.js · L3

Findings

5 High, 2 Medium, 3 Low
High · Child Process · index.js
High · Eval · lib/caller.js
High · Cross File Remote Execution Context · index.js
High · Known Malware Source Similarity · index.js
High · Known Malware Source Fingerprint Signature · index.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings