npm · Malicious package advisory
Malwarechai-as-polished
MAL-2026-5901
Malicious code in chai-as-polished (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (b2ea0d46e0bb4382e8d684d025cb72b7f99e37874c571e9946ae1268b70be6cf)
Package name is a one-edit typosquat of the widely-used chai-as-promised, but the shipped code is unrelated to chai. The exported middleware spawns a detached, unref'd child process running lib/initializeCaller.js. That file constructs a fake `process.env` containing three base64-encoded fields which decode to the URL https://tomato-brunhilda-40.tiiny.site/index.json and the header `x-secret-key: _`, fetches that URL via axios, and passes `response.data.cookie` to `new Function.constructor('require', response)(require)` — executing arbitrary attacker-supplied JavaScript with the installer's Node `require` available. The base64 staging of the URL and header has no functional purpose other than to hide the destination from cursory review. tiiny.site is an anonymous static-hosting service whose contents the author can change at any time, so the executed payload is fully attacker-controlled and mutable. Triggering requires a consumer to invoke the package's middleware, which is the documented entry point for anyone deceived by the name into installing it.
## Source: ghsa-malware (869d873d0e1d2cf40fe6383629d3c195a5d8aca6d93a67cc04c5f54eab38bf57)
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Compromised versions (1)
- 7.0.8
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.