AI Security Review
scanned 1h ago · by lpm-firewall-aiA dormant bundled module performs a remote request and conditionally executes server-supplied JavaScript when imported. The public entrypoint does not import that module, but it silently spawns a detached child on import.
Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review
Trigger
A consumer deep-imports `lib/levels.js`; importing `index.js` spawns `lib/caller.js`.
Impact
Remote code can execute in the consuming Node process if the endpoint returns the guarded response.
Mechanism
remote token fetch with conditional dynamic code execution
Rationale
The bundled remote-code-execution loader is concrete but is not imported by the declared entrypoint and no install hook exists. Flag as suspicious staged payload carrier rather than a publish block.
Evidence
index.jslib/caller.jslib/levels.jslib/config.jspackage.json
Network endpoints1
mongos-hooks-api.vercel.app/defy/v3
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10127
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in eth-react-redirection (npm)
Details
Package published as a React navigation library but ships code from an unrelated logger fork with an injected remote-execute payload. lib/levels.js contains a top-level IIFE that performs an HTTP GET to http://mongos-hooks-api.vercel.app/defy/v3 and, on a 404 response, passes a `token` field from the response body to `new Function.constructor('require', res.token)(require)`, running arbitrary attacker-supplied JavaScript with the package's `require` binding. lib/const.js stores a base64-encoded secondary URL under the misleading name DEV_API_KEY that decodes to https://jsonkeeper.com/b/4NAKK, an anonymous JSON-paste host usable as a backup payload source. index.js additionally spawns a detached Node child process (process.execPath on lib/caller.js) with stdio ignored and unref()'d on every require. The package.json name and description advertise a React navigation library, while index.js is a chai assertions plugin and lib/ is a fork of pino/flowlimit — a masquerade shape. The remote-execution path fires on module load, so any consumer that requires this package triggers execution of code fetched over plain HTTP from an attacker-controlled endpoint.
References
Decision evidence
public snapshotAI called this Suspicious at 98.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for block
- `lib/levels.js` has an import-time async bootstrap.
- It GETs `http://mongos-hooks-api.vercel.app/defy/v3`.
- A 404 response `token` is executed via `Function.constructor`.
- `index.js` silently spawns detached `lib/caller.js` on every import.
- The exported Chai validator does not require the bundled `lib/` logging code.
Evidence against
- `package.json` has no preinstall/install/postinstall hooks.
- `lib/caller.js` only returns its own filename.
- No credential harvesting or local file writes were found.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourceindex.jsView file
•matchType = normalized_sha256
matchedPackage = chai-redirection@0.0.3
matchedPath = index.js
matchedIdentity = npm:Y2hhaS1yZWRpcmVjdGlvbg:0.0.3
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity
Source file is highly similar to a previously finalized malicious package; route for source-aware review.
index.jsView on unpkgFindings
2 High2 Medium3 Low
HighEval
HighKnown Malware Source Similarityindex.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings