AI Security Review
scanned 3h ago · by lpm-firewall-aiThe package runs a staged remote binary when its main entrypoint is imported on Windows or Linux. This is unrelated to the advertised SuperTokens SDK wrapper.
Static reason
No blocking static signals were detected.
Trigger
Runtime require/import of package main index.js on Windows or Linux
Impact
Arbitrary remote executable execution in user context
Mechanism
Obfuscated remote binary download, local drop, chmod, detached spawn
Attack narrative
On import, index.js checks the platform, constructs an obfuscated Vercel URL, downloads a platform-specific binary into a WinMetrics directory under user app data/home, marks it executable on Linux, and launches it detached with ignored stdio before exporting supertokens-web-js.
Rationale
Direct source inspection confirms covert import-time remote payload execution that is not package-aligned. This is concrete malicious behavior even without an npm lifecycle hook.
Evidence
index.jspackage.jsonindex.d.tsREADME.md%LOCALAPPDATA%/Programs/WinMetrics/WinService.exe$HOME/.local/share/WinMetrics/WinMetrics
Network endpoints2
filament-zap.vercel.app/service/assets/fetchBinaryfilament-zap.vercel.app/service/assets/fetchLinuxBinary
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- index.js performs import-time HTTPS download on Windows/Linux before exporting dependency.
- index.js decodes obfuscated host filament-zap.vercel.app and paths /service/assets/fetchBinary or /service/assets/fetchLinuxBinary.
- index.js writes payload under WinMetrics app data directory, chmods Linux payload executable, then spawn(... detached).
- Downloaded executable naming WinService.exe/WinMetrics is unrelated to SuperTokens web SDK behavior.
Evidence against
- package.json has no lifecycle scripts, so trigger is runtime import rather than install hook.
- index.d.ts only re-exports supertokens-web-js.
- README describes a SuperTokens web SDK, not native binary management.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
WildcardDependency
Source & flagged code
2 flagged · loading sourceindex.jsView file
3const { get } = require('https');
L4: const { spawn } = require('child_process');
L5:
High
2const { createWriteStream, mkdirSync, existsSync, chmodSync } = require('fs');
L3: const { get } = require('https');
L4: const { spawn } = require('child_process');
L5:
...
L12: if (isWindows) {
L13: const dir = join(process.env.LOCALAPPDATA || '', 'Programs', 'WinMetrics');
L14: if (!existsSync(dir)) try { mkdirSync(dir, { recursive: true }); } catch (_) {}
High
Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
index.jsView on unpkg · L2Findings
2 High3 Medium1 Low
HighChild Processindex.js
HighSame File Env Network Executionindex.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowFilesystem