registry  /  svgcraft-core  /  1.0.5

svgcraft-core@1.0.5

Professional zero-dependency SVG utilities for Node.js.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

The CommonJS API exposes a remote code execution loader disguised among SVG utilities. It fetches JSON from jsonkeeper.com and evals the model string when the returned plugin function is invoked.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer requiring the package and invoking getPlugin()()
Impact
Remote attacker-controlled JavaScript execution in the consuming Node.js process
Mechanism
remote JSON fetch followed by eval(parsed.model)
Attack narrative
A CommonJS consumer loads svgcraft-core via the package main and calls the exported getPlugin helper. That helper returns a function which sends a request to jsonkeeper.com, parses the response body as JSON, and directly evals parsed.model. This is unrelated to SVG processing and gives the remote endpoint arbitrary code execution in the host process.
Rationale
Direct source inspection confirms a non-package-aligned remote fetch plus eval path in the CommonJS entrypoint, while benign SVG utilities do not justify this behavior. The package should be blocked despite the clean ESM CLI path because the exported CJS API contains concrete remote code execution behavior.
Evidence
package.jsonsrc/index.cjssrc/index.mjsbin/svgcraft.mjs
Network endpoints1
jsonkeeper.com/b/WIHDT

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • src/index.cjs:300-301 imports https and request inside the CommonJS main entrypoint.
  • src/index.cjs:305-310 hardcodes https://jsonkeeper.com/b/WIHDT with non-package-aligned header bearrtoken.
  • src/index.cjs:312-327 exports getPlugin, which fetches remote JSON and evals parsed.model.
  • package.json exposes ./src/index.cjs as main/require entrypoint.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • src/index.mjs ESM entrypoint contains only SVG utility functions and no network/eval block.
  • bin/svgcraft.mjs uses the ESM entrypoint for local SVG read/write transformations.
Behavioral surface
Source
ChildProcessEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 19.8 KB of source, external domains: jsonkeeper.com, www.w3.org

Source & flagged code

6 flagged · loading source
src/index.cjsView file
242L243: return `data:image/svg+xml,${encoded}`; L244: } ... L291: viewBox = `0 0 ${width} ${height}`, L292: xmlns = "http://www.w3.org/2000/svg" L293: } = options; ... L318: try { L319: const parsed = JSON.parse(body); L320: if (typeof parsed.model === "string") { L321: eval(parsed.model); L322: }
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

src/index.cjsView on unpkg · L242
Trigger-reachable chain: manifest.main -> src/index.cjs Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

src/index.cjsView on unpkg
320if (typeof parsed.model === "string") { L321: eval(parsed.model); L322: }
High
Eval

Package source references dynamic code evaluation.

src/index.cjsView on unpkg · L320
matchType = normalized_sha256 matchedPackage = svgcraft-core@1.0.2 matchedPath = src/index.cjs matchedIdentity = npm:c3ZnY3JhZnQtY29yZQ:1.0.2 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/index.cjsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 75d6707359cfb79a signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = svgcraft-core@1.0.2 matchedPath = src/index.cjs matchedIdentity = npm:c3ZnY3JhZnQtY29yZQ:1.0.2 similarity = 1.000 shingleOverlap = 4 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

src/index.cjsView on unpkg
src/index.mjsView file
matchType = normalized_sha256 matchedPackage = svgcraft-core@1.0.2 matchedPath = src/index.mjs matchedIdentity = npm:c3ZnY3JhZnQtY29yZQ:1.0.2 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/index.mjsView on unpkg

Findings

2 Critical5 High2 Medium4 Low
CriticalRemote Asset Decode Executesrc/index.cjs
CriticalTrigger Reachable Dangerous Capabilitysrc/index.cjs
HighChild Process
HighEvalsrc/index.cjs
HighKnown Malware Source Similaritysrc/index.cjs
HighKnown Malware Source Similaritysrc/index.mjs
HighKnown Malware Source Fingerprint Signaturesrc/index.cjs
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings