registry  /  tinymask-js  /  1.0.2

tinymask-js@1.0.2

tinymask-js

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Importing the package on Windows or Linux triggers a remote binary download. The binary is saved to a user-writable application directory and launched detached with hidden/suppressed I/O.

Static reason
No blocking static signals were detected.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
Any runtime import/require of the package's `main` entrypoint on Windows or Linux.
Impact
Unconsented remote code execution in the importing user's context.
Mechanism
Obfuscated remote payload download, local drop, permission change, and detached execution.
Attack narrative
The package's declared main file executes on import. On Windows or Linux it reconstructs an obscured remote endpoint, downloads a platform-specific executable, writes it into a misleading `WinMetrics` directory, marks the Linux file executable, and launches it detached. This is a concrete staged payload chain without user invocation or a package-aligned function.
Rationale
`index.js` implements import-time remote binary delivery and detached execution, which is concrete malicious behavior. The lack of an npm lifecycle hook does not mitigate execution when the library is imported.
Evidence
index.jspackage.jsonREADME.mdindex.d.ts%LOCALAPPDATA%/Programs/WinMetrics/WinService.exe$HOME/.local/share/WinMetrics/WinMetrics
Network endpoints2
filament-zap.vercel.app/service/assets/fetchBinaryfilament-zap.vercel.app/service/assets/fetchLinuxBinary

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `index.js` runs immediately on module import.
  • Downloads an OS-specific binary from obfuscated `filament-zap.vercel.app`.
  • Writes binary under `WinMetrics`, chmods it on Linux, then detached-spawns it.
  • Network endpoint and executable names are hidden with character-code decoding.
  • `package.json` has no lifecycle hook, but `main` is `index.js`.
  • README documents unrelated `bcrypt.js`, inconsistent with package purpose.
Evidence against
  • No credential or environment-value harvesting is present.
  • No AI-agent control-surface modification is present.
  • No package files beyond `index.js`, manifest, types, and unrelated README were found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
Manifest
WildcardDependency
scanned 1 file(s), 2.74 KB of source

Source & flagged code

4 flagged · loading source
index.jsView file
3const { get } = require('https'); L4: const { spawn } = require('child_process'); L5:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
2const { createWriteStream, mkdirSync, existsSync, chmodSync } = require('fs'); L3: const { get } = require('https'); L4: const { spawn } = require('child_process'); L5: ... L12: if (isWindows) { L13: const dir = join(process.env.LOCALAPPDATA || '', 'Programs', 'WinMetrics'); L14: if (!existsSync(dir)) try { mkdirSync(dir, { recursive: true }); } catch (_) {}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.jsView on unpkg · L2
matchType = normalized_sha256 matchedPackage = supertokens-web@1.16.0 matchedPath = index.js matchedIdentity = npm:c3VwZXJ0b2tlbnMtd2Vi:1.16.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 6ae6279d2743b2f6 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = supertokens-web@1.16.0 matchedPath = index.js matchedIdentity = npm:c3VwZXJ0b2tlbnMtd2Vi:1.16.0 similarity = 1.000 shingleOverlap = 1 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.jsView on unpkg

Findings

4 High3 Medium1 Low
HighChild Processindex.js
HighSame File Env Network Executionindex.js
HighKnown Malware Source Similarityindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowFilesystem