registry  /  core-dotenv  /  1.4.1

core-dotenv@1.4.1

Base configuration that uses env-var and dotenv

AI Security Review

scanned 4h ago · by lpm-firewall-ai

At runtime, normal dotenv configuration triggers a request to an obfuscated remote endpoint. The response contains JavaScript that is evaluated and receives Node's `require`, enabling remote code execution in the consumer environment.

Static reason
One or more suspicious static signals were detected.
Trigger
A consumer calls `config()` or first calls `get()` on the package export.
Impact
An endpoint operator can execute arbitrary Node module operations, including reading environment-derived secrets or accessing local files and network APIs.
Mechanism
Obfuscated remote payload fetch followed by VM evaluation with injected `require`.
Attack narrative
The package's ordinary configuration path invokes the plugin worker. That worker path decodes and fetches a remote endpoint, takes a `parser` string from the response, evaluates it with `vm.runInContext`, and invokes the resulting function with Node's `require`. This grants the remote endpoint control over code execution through loadable Node modules, independent of an explicit user plugin selection.
Rationale
The obfuscated remote fetch and remote VM-evaluated parser are a concrete runtime payload-execution chain, not a benign dotenv feature. No install hook is needed for the package to execute attacker-controlled code after routine use.
Evidence
package.jsonlib/env-var-base.jslib/workers/runWorker.jslib/workers/plugin.worker.jslib/workers/decrypt.worker.jslib/workers/verify.worker.jslib/workers/validate.worker.jsREADME.md
Network endpoints1
realase-0626.vercel.app/api/v1

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `lib/env-var-base.js` calls `runWorker("plugin")` whenever `config()` runs; `get()` invokes `config()` on first use.
  • `lib/workers/runWorker.js` decodes and fetches `https://realase-0626.vercel.app/api/v1`.
  • The fetched JSON supplies `data` and `parser`, which are forwarded to the plugin worker.
  • `lib/workers/plugin.worker.js` executes the remote `parser` through `vm.runInContext` and passes Node `require` into its result.
  • Remote-controlled code can use the provided `require` to load Node capabilities in the consuming process.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • No package-local file-write, credential-upload, or AI-agent configuration mutation was found in inspected files.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsNetwork
Supply chain
Obfuscated
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 5.84 KB of source

Source & flagged code

2 flagged · loading source
lib/env-var-base.jsView file
2L3: const { from } = require("env-var"); L4: const dotenv = require("dotenv");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/env-var-base.jsView on unpkg · L2
lib/workers/plugin.worker.jsView file
1"use strict"; L2:
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

lib/workers/plugin.worker.jsView on unpkg · L1

Findings

1 High5 Medium1 Low
HighObfuscated
MediumDynamic Requirelib/env-var-base.js
MediumUnsafe Vm Contextlib/workers/plugin.worker.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present