AI Security Review
scanned 2h ago · by lpm-firewall-aiCalling exported middleware launches a detached child process. It downloads and dynamically executes remote JavaScript with Node module access.
Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Consumer calls the exported middleware function.
Impact
Remote operator can execute arbitrary code as the consuming application user.
Mechanism
Detached remote-payload download and dynamic code execution.
Attack narrative
`index.js` spawns detached `node lib/caller.js` with ignored stdio whenever the exported middleware is invoked. `lib/caller.js` requests a remote URL with a fixed header, reads `data.cookie`, compiles it with `new Function.constructor("require", s)`, and invokes it with Node's `require`. The server therefore controls executable code in the consuming application's context.
Rationale
This is a concrete remote-code-execution chain unrelated to the declared package purpose. It is runtime-triggered rather than lifecycle-triggered, but remains malicious.
Evidence
package.jsonindex.jslib/caller.js
Network endpoints1
json.extendsclass.com/bin/49b93b00acf1
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` launches detached `lib/caller.js` on middleware use.
- `lib/caller.js` fetches a remote payload with Axios.
- Remote `data.cookie` is executed via `Function.constructor`.
- Payload receives Node `require`, enabling arbitrary local code execution.
Evidence against
- `package.json` has no npm lifecycle hooks.
- No AI-agent configuration mutation found in inspected files.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourceindex.jsView file
•matchType = malicious_source_fingerprint_signature
signature = 2ad508fc9ea2882e
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = type-elint@3.3.7
matchedPath = index.js
matchedIdentity = npm:dHlwZS1lbGludA:3.3.7
similarity = 1.000
shingleOverlap = 12
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgdocs/transports.mdView file
550patternName = generic_password
severity = medium
line = 550
matchedText = password...rd',
Medium
Findings
2 High3 Medium3 Low
HighEval
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings