AI Security Review
scanned 2h ago · by lpm-firewall-aiImporting the package is inert, but calling its exported middleware starts a detached Node child. That child sends environment data to a concealed remote endpoint and executes server-supplied JavaScript with `require` access.
Decision evidence
public snapshot- `index.js` exports middleware that always spawns `lib/initializeCaller.js` when invoked.
- `lib/initializeCaller.js` decodes and POSTs to `https://ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df`.
- The POST body is `{ ...process.env }`, harvesting the initializer's configured environment values.
- Remote response text is executed through `new Function("require", response.data)` with Node `require` access.
- The child is detached, ignores stdio, and is unrefed, hiding activity from the caller.
- `package.json` defines no preinstall, install, or postinstall lifecycle hook.
- No source evidence of AI-agent control-surface mutation was found.
Source & flagged code
7 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
index.jsView on unpkg · L3Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/initializeCaller.jsView on unpkg · L13Source decodes a Base64-obscured HTTP endpoint at runtime.
lib/initializeCaller.jsView on unpkg · L2