npm · Malicious package advisory
Malwarechai-as-predicted
MAL-2026-6393
Malicious code in chai-as-predicted (npm)
Details
---
_-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (fd7a2ff71dd341d02986c8185ea9eb18196b782f0efd9103859c0493c9f4cc78)
Package name 'chai-as-predicted' impersonates the popular 'chai-as-promised' assertion library, but ships unrelated code disguised as pino logger internals. The exported middleware in index.js spawns a detached background Node process running lib/initializeCaller.js as soon as a consumer invokes it. lib/initializeCaller.js base64-decodes a hardcoded URL (https://amethyst-lorrin-26.tiiny.site/index.json) and a custom 'x-secret-key' header, performs an HTTP GET with retries, and passes the response body's.data.cookie field to `new Function.constructor('require', response)` which is then invoked with the real require — executing attacker-controlled JavaScript with full Node privileges on the installer's machine. The C2 URL and headers are stored as base64 strings inside a fake `process.env` object and decoded with atob() at runtime to evade plaintext URL scanning. The destination is an anonymous free-hosting domain with mutable, unauthenticated content. Consumers tricked by the typosquat name into requiring this package and calling its middleware will execute arbitrary remote code.
Compromised versions (1)
- 6.0.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.