chai-as-adapter is a malicious npm package that when imported downloads a C2 dropper from https://jsonkeeper[.]com/b/FAWPU and executes it (similar to malware in to chai-await-test).
-= Per source details. Do not edit below this line.=-
The package chai-as-adapter was found to contain malicious code.
{
"iocs": {
"urls": [
"https://jsonkeeper.com/b/FAWPU"
]
},
"malicious-packages-origins": [
{
"source": "amazon-inspector",
"sha256": "e4ad687e2827eba4cf0c61d04ad9122d72ddc6e49ffdeabebf34f4ed10787bd4",
"import_time": "2026-04-23T20:49:03.330872634Z",
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"modified_time": "2026-04-23T20:43:56Z"
},
{
"source": "reversing-labs",
"sha256": "dce4486ce0b450cb55858aa483f2f518a72cd5a7f7c8008a363e4bc4f0fd2ea7",
"modified_time": "2026-07-07T12:42:53Z",
"import_time": "2026-07-09T09:16:20.311339641Z",
"id": "RLMA-2026-04976",
"versions": [
"1.5.2"
]
}
]
}