VYPR

npm · Malicious package advisory

Malware

chai-plugin-helper

MAL-2026-5905

Malicious code in chai-plugin-helper (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (ddf8b1cc2e3c780dc0ac44e7691f14f2031f0aca1e1c207f1c15c0815471358b)
chai-plugin-helper poses as a chai plugin and ships a verbatim copy of chai's public API (index.js, lib/chai.js, expect/should/assert exports, version string '4.3.8', description copied from chai) so it functions as a drop-in replacement. On require('chai-plugin-helper'), index.js line 8 spawns a detached background `node` process that runs lib/chai/utils/assertion.js: `const child = spawn("node", [assertion, JSON.stringify(args)], { detached: true, stdio: "ignore" })`. assertion.js is obfuscator.io-encoded with a rotated 31-entry string array decoded via a base64+URI-decode chain and hex-named identifiers (_0x479d3b, _0x4a30, etc.). After deobfuscation, the file performs an HTTP(S) GET to a URL built from the encoded constants and passes the response body into `new Function(_0x154837[...],_0x375b9e)` invoked with the installer's `require` — executing attacker-controlled remote code with full Node privileges. The copyright header has been altered to 'Anton Lane' while the rest of chai's source is copied verbatim, so installers see a working assertion library and do not notice the dropper running in the background. Combination of namespace impersonation, drop-in API, obfuscation specifically wrapping the fetch+exec path, and remote-code execution at require-time is unambiguous supply-chain attack.

Compromised versions (4)

  • 1.7.5
  • 1.7.3
  • 1.7.6
  • 1.7.4

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.