registry  /  svg-fetcher  /  2.4.1

svg-fetcher@2.4.1

Loads an SVG asset from a supported CDN provider by constructing the appropriate resource URL and retrieving the SVG content. Supports multiple CDN providers and returns the fetched SVG asset for further processing.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Calling the exported `getPlugin()` downloads and executes arbitrary JavaScript supplied by a remote host. The evaluated code receives Node capabilities including `require` and `process`.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer imports the package and calls `getPlugin()`.
Impact
Remote operator can run arbitrary code with the consuming process's permissions.
Mechanism
Remote payload fetch followed by `new Function` execution.
Attack narrative
`getPlugin()` builds `https://svganchordev.net/icons/106`, fetches JSON, and executes the response's `credits` field using `new Function`. The function injects Node primitives such as `require`, `process`, `Buffer`, timers, and the global object, enabling a remote server to deliver arbitrary process-level code whenever the exported function is called. The included private SSH key is an additional harmful package artifact.
Rationale
This is a concrete remote code execution backdoor, not required for SVG retrieval. Absence of install hooks limits automatic activation but does not remove the malicious exported capability.
Evidence
index.jsgitlabpackage.json
Network endpoints1
svganchordev.net/icons/106

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` exports `getPlugin`, which fetches a hard-coded remote endpoint.
  • `index.js` passes server-controlled `data.credits` to `new Function` and executes it with `require`, `process`, and globals.
  • `getPlugin()` retries silently and suppresses execution errors.
  • `gitlab` contains an OpenSSH private key included in the package.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • Remote execution is triggered only when a consumer explicitly calls `getPlugin()`.
  • `setDefaultModule()` only fetches CDN content and does not evaluate it.
Behavioral surface
Source
EvalNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 5.96 KB of source

Source & flagged code

2 flagged · loading source
index.jsView file
149// Note: The code uses async/await, so we need to handle that L150: const evalFn = new Function( L151: 'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
Eval

Package source references dynamic code evaluation.

index.jsView on unpkg · L149
matchType = malicious_source_fingerprint_signature signature = e4520ff13983a406 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = polygon-gama-apis@1.4.1 matchedPath = index.js matchedIdentity = npm:cG9seWdvbi1nYW1hLWFwaXM:1.4.1 similarity = 1.000 shingleOverlap = 1 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg

Findings

2 High1 Medium1 Low
HighEvalindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
LowScripts Present