AI Security Review
scanned 2h ago · by lpm-firewall-aiDuring a Karma scan, the package downloads a remote accessibility engine, caches it locally, and registers it for browser execution. npm lifecycle scripts also relocate and later delete a narrowly named project-level `karma-ibma` path.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install/uninstall, or loading the aChecker Karma framework
Impact
A compromised or changed engine response can execute in the Karma browser; lifecycle scripts can create or delete `karma-ibma` outside the package directory.
Mechanism
unpinned remote engine loading plus lifecycle filesystem relocation
Rationale
Source inspection disproves the scanner's implication of a concealed malicious payload, but confirms an unpinned remote-code-loading path and scoped lifecycle mutations. Downgrade to warn rather than block.
Evidence
package.jsontelemetry.ymlindex.jsbin/achecker_policies.jslib/ACEngineLoader.jslib/common/config/ACConfigManager.jslib/common/config/ACConstants.jslib/log/ACMetricsLogger.js../karma-ibma../../karma-ibma${tmpdir}/accessibility-checker/ace.js
Network endpoints4
cdn.jsdelivr.net/npm/accessibility-checker-engine@next/archives.jsoncdn.jsdelivr.net/npm/accessibility-checker-enginewww-api.ibm.com/ibm-telemetry/v1/metricsable.ibm.com/tools/api/pub/meter/v2
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- `lib/ACEngineLoader.js` fetches a remote `ace.js`, writes it to cache, then registers it for Karma loading.
- `lib/common/config/ACConstants.js` defaults the engine source to jsDelivr and `processACConfig` uses the mutable `@next` archive channel.
- `package.json` postinstall runs telemetry and copies `../karma-ibma` to `../../karma-ibma`; postuninstall deletes that project-level path.
- No integrity or signature check is applied to the downloaded engine before it is served to the Karma browser.
Evidence against
- `index.js` only registers local preprocessor, framework, and reporter modules when Karma loads it.
- The package source contains no credential-path harvesting, shell spawning, eval/vm use, or AI-agent configuration writes.
- `bin/achecker_policies.js` network access is explicit user CLI execution and only prints archive metadata.
- `telemetry.yml` names an IBM telemetry endpoint, and README documents install-time telemetry and opt-out.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = ibmtelemetry --config=telemetry.yml ; node --eval "var fs=require('fs-extra');var path = require('path');var karmaibmaRoot = path.resolve(__dirname, '..', 'karma-ibma');var karmaib...
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = ibmtelemetry --config=telemetry.yml ; node --eval "var fs=require('fs-extra');var path = require('path');var karmaibmaRoot = path.resolve(__dirname, '..', 'karma-ibma');var karmaib...
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgindex.jsView file
42// Map the html2js preprocessor in the karma-ibma plugin, so that users do not need to install it seperatly.
L43: //'preprocessor:html2js': require('karma-html2js-preprocessor')['preprocessor:html2js'],
L44:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
index.jsView on unpkg · L42Findings
1 Critical1 High4 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requireindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings