registry  /  notify-utilities  /  1.3.5

notify-utilities@1.3.5

Chain Dom

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Calling the exported function starts a detached Node child process. That child fetches remotely controlled JavaScript and executes it with CommonJS module-loading access.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer invokes the default/named export from `index.js`.
Impact
A remote endpoint can run arbitrary code with the permissions of the consuming user or service.
Mechanism
Detached staged remote-code execution through `Function` constructor.
Attack narrative
Normal runtime use invokes `check` in `index.js`, which launches `lib/vcall.js` as a detached child. At module load, that file retrieves a `model` value from the remote JSONSilo endpoint, constructs executable code from the returned text, and calls it with `require`. This provides the remote operator arbitrary runtime code execution without an integrity check, user disclosure, or package-aligned feature justification.
Rationale
The inspected source establishes an active, user-triggered remote payload execution chain. No lifecycle hook is needed for this to be malicious because ordinary use triggers arbitrary code fetched from a remote endpoint.
Evidence
package.jsonindex.jslib/vcall.js.env
Network endpoints1
api.jsonsilo.com/public/df71fd55-4f0c-4326-9b5b-a285e38023a5

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` invokes detached `node lib/vcall.js` whenever its export is called.
  • `lib/vcall.js` fetches a `model` field from `https://api.jsonsilo.com/public/df71fd55-4f0c-4326-9b5b-a285e38023a5`.
  • `lib/vcall.js` compiles fetched content using `new Function.constructor` and executes it with `require`.
  • `.env` contains redacted development credential keys, adding supply-chain hygiene concern.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` hook.
  • Reviewed trigger path shows no direct local credential reading, file writes, or destructive action before remote code runs.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 51.6 KB of source, external domains: api.jsonsilo.com, github.com

Source & flagged code

3 flagged · loading source
2patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 1 L2: DEV_DEPENDENCY_TOKEN=<redacted:4 value>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L2
index.jsView file
matchType = malicious_source_fingerprint_signature signature = edfaf93641481f1b signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = async-chain-dom@1.3.5 matchedPath = index.js matchedIdentity = npm:YXN5bmMtY2hhaW4tZG9t:1.3.5 similarity = 1.000 shingleOverlap = 12 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

1 Critical1 High3 Medium3 Low
CriticalCritical Secret.env
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings