registry  /  jsonfb  /  1.1.1

jsonfb@1.1.1

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Importing `index.js` executes an obfuscated bundle that initializes parser and sandbox-related code. No concrete network or destructive behavior was confirmed from the inspected source.

Static reason
One or more suspicious static signals were detected.
Trigger
Application imports `jsonfb`.
Impact
Unresolved local code-execution and file-access capability; no confirmed exfiltration or persistence.
Mechanism
Obfuscated runtime bundle with filesystem/VM-capable embedded modules.
Rationale
No source-confirmed malicious action justifies a block, but the obfuscated import-time runtime and unrelated privileged modules prevent a clean verdict.
Evidence
index.jspackage.jsonREADME.md

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10437
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in jsonfb (npm)
Details
Package jsonfb@1.1.0 is presented as a JSON.parse bigint helper (mimicking json-bigint, and re-using the real json-bigint maintainer's name in package.json while the repository URL points at an unrelated org). The entire 471 KB index.js is packed with obfuscator.io (rotating 3004-entry string array, RC4-based string decoder, self-defending debugger check, control-flow flattening) that hides all require targets, destination URLs, and config keys. Behind the obfuscation, the module pulls vm, fs, os, http, https, crypto and implements fetchRemoteRiskCode, which HTTP-GETs base64-encoded JavaScript from a set of remoteCodeUrls, decodes it with Buffer.from(data.code,'base64'), and executes it via new vm.Script(code,{filename,timeout}).runInContext(sandboxContext) inside a SandboxManager that exposes fs, os, path, child_process, http, and require to the fetched code. A startRiskCodePolling loop (default 30s) auto-starts when NODE_ENV=production or when RISK_CODE_AUTO_START is set. A companion remoteLog path builds HMAC-MD5-signed POSTs (signWithMD5 with hardcoded signSecretKey/signSecretValue) to remoteLogUrls to ship runtime state and sandbox output back to the operator. The obfuscation, the impersonated author identity, the typosquat name, and the require-time remote-code-execution + signed exfiltration channel together constitute a live C2/dropper delivered as a fake JSON parser. ## Source: ghsa-malware (5903da304ed82b530bffd047b6d4ef1c4bd532fe1815540857a73a5f3aece882) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
  • `index.js` is a 511336-byte single-line obfuscated bundle.
  • `index.js` imports `vm`, `fs`, `os`, and `path` beyond declared parser dependency.
  • The public export invokes `requireSandbox` during module initialization.
  • Bundle includes `requireConfig`, `requireHttpClient`, and `requireSign_util` modules unrelated to JSON parsing.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hooks.
  • No network URL, child-process API, credential path, or file-write call was found by direct string inspection.
  • The manifest exposes only `index.js` and declares `bignumber.js` for bigint parsing.
  • The final export is a parse/stringify API consistent with the documented package purpose.
Behavioral surface
Source
DynamicRequireFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedTrivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 499 KB of source

Source & flagged code

2 flagged · loading source
index.jsView file
1var _0x9a848b=_0x1974;(function(_0x455f6f,_0x1446ce){var _0x473969={_0x2a06e3:'\x29\x4a\x51\x77',_0x4ad3c9:0x3ca,_0x3c6067:'\x48\x39\x78\x6c',_0x14d696:0x68f,_0x8db2ef:'\x63\x31\x3...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

index.jsView on unpkg · L1
1var _0x9a848b=_0x1974;(function(_0x455f6f,_0x1446ce){var _0x473969={_0x2a06e3:'\x29\x4a\x51\x77',_0x4ad3c9:0x3ca,_0x3c6067:'\x48\x39\x78\x6c',_0x14d696:0x68f,_0x8db2ef:'\x63\x31\x3...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.jsView on unpkg · L1

Findings

2 High2 Medium2 Low
HighObfuscated Payload Loaderindex.js
HighObfuscated
MediumDynamic Requireindex.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings