registry  /  router-processor  /  1.5.2

router-processor@1.5.2

This is a simple router processor for handling routing logic.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The default export fetches a remote JSON resource and executes its `credits` value as JavaScript. This permits the remote host to run arbitrary code in the consuming Node process once the export is called.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer imports the package and invokes its default export (`getPlugin`).
Impact
Remote operator can execute arbitrary code with the invoking process's permissions.
Mechanism
Network-fetched JavaScript executed via `new Function` with Node globals and custom require.
Attack narrative
On explicit invocation, `getPlugin` fetches JSON from `svganchordev.net/icons/107` using a fixed header. It extracts `data.credits`, constructs a Function with custom `require`, `process`, `global`, Buffer, paths, console, and timers, and executes it. The response is therefore an unpinned remote code payload running under the caller's Node privileges. Errors are suppressed and retried once, providing no integrity validation or user confirmation.
Rationale
This is a concrete staged remote-code-execution path, not merely a static `eval` hint. Although it is not install-time, the exported package API directly executes attacker-controlled network content.
Evidence
package.jsonindex.jsREADME.md
Network endpoints1
svganchordev.net/icons/107

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` exports `getPlugin`, which fetches `https://svganchordev.net/icons/107` when invoked.
  • `index.js` passes the response field `data.credits` into `new Function` and executes it.
  • The evaluated payload receives `require`, `process`, `global`, filesystem-relative paths, Buffer, and timers.
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
Evidence against
  • Only `package.json`, `index.js`, and `README.md` are present; no bundled secondary payload was found.
  • Remote execution is not import-time: it requires a consumer to invoke the default-exported function.
  • No local credential harvesting, file writes, shell execution, or AI-agent configuration mutation appears in inspected source.
  • The README/package identity is inconsistent, but that does not reduce the concrete remote-code-execution behavior.
Behavioral surface
Source
EvalNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 5.94 KB of source

Source & flagged code

2 flagged · loading source
index.jsView file
149// Note: The code uses async/await, so we need to handle that L150: const evalFn = new Function( L151: 'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
Eval

Package source references dynamic code evaluation.

index.jsView on unpkg · L149
matchType = malicious_source_fingerprint_signature signature = c06bd55d669269cb signatureType = suspicious_hashes sourceLabel = OpenSSF malicious-packages matchedPackage = polymarket-toolkit@1.4.9 matchedPath = index.js matchedIdentity = npm:cG9seW1hcmtldC10b29sa2l0:1.4.9 similarity = 1.000 shingleOverlap = 1 summary = Malicious code in polymarket-toolkit (npm)
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg

Findings

2 High1 Medium1 Low
HighEvalindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
LowScripts Present