-= Per source details. Do not edit below this line.=-
kurumi-fca is a Facebook Chat API library whose advertised purpose is to listen to Messenger events for the caller. Two undisclosed behaviors make it unsafe for installers:
Silent relay of user data. After login, every incoming Messenger photo attachment is routed through a hidden uploader (api._imgUpload, defined as non-enumerable in index.js L376-378) to author-controlled ImgBB and ImageKit accounts. src/listenMqtt.js L455-460 invokes this for every photo delta received via api.listenMqtt. Callers of the documented API have no signal that attachment URLs are being re-hosted on third-party storage owned by the package author.
Auto-self-update bypassing dependency pinning. On every require('kurumi-fca'), index.js L23-29 schedules checkForFCAUpdate(), which queries the npm registry for the latest version and, if newer, runs execSync('npm install kurumi-fca@<latest> --save', { cwd: process.cwd() }) (checkUpdate.js L88), rewrites the consumer's package.json dependencies entry, and exits the process. Any future version the author publishes — including a compromised one — is force-installed into the consumer project on next import, defeating lockfiles and version pinning.
Mutable out-of-band relay configuration. The relay credentials (ImgBB/ImageKit API keys) are fetched at login from https://raw.githubusercontent.com/N1SA9EDITZ/ST-Handlers/refs/heads/main/kurumi-fcakey.json (index.js L302-313) on a mutable main branch with no integrity check, letting the author re-aim the silent relay destination at any time without publishing a new package version.
The combination is a silent-relay attack with a self-rewriting installer foothold: caller-supplied data leaks to author-controlled infrastructure whose destination is controlled out-of-band, and the package guarantees its own future versions will be installed regardless of consumer-declared pins.
{
"malicious-packages-origins": [
{
"modified_time": "2026-05-22T08:31:59Z",
"versions": [
"1.1.8"
],
"sha256": "7217b9a585b82d70fdeeae262cf6a613412b368722b5e3501a1a5f7b485bf3d8",
"id": "IN-MAL-2026-004172",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:52:04.606729045Z"
},
{
"modified_time": "2026-05-22T08:31:54Z",
"versions": [
"1.1.7"
],
"sha256": "f90450e6ca1502bf6287d945c37c4c64f59e624a4269ab8e07600a9db5e755d0",
"id": "IN-MAL-2026-004171",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:52:04.499888529Z"
}
]
}
{
"evidence_files": [
{
"sha256": "4e0474a43337fb3913e1b44aa618d666b29f8866586aec4226de104f93d13904",
"tlsh": "2dd2c61d00fb20170977b47da79f60013926da23224ceeb5ba5c93616f48579daf3be8",
"path": "index.js"
},
{
"sha256": "4eb763c6868b8dd733caf88b121c51428ddf87a1d9cf2f598334c601d637f418",
"tlsh": "bb9143c648f37638247317699b2b005523afa603b608f5bdfbdc87061f8a51884277ec",
"path": "checkUpdate.js"
}
],
"package_integrity": [
{
"hashes": {
"sha512_sri": "sha512-cSqNNCwVHT1OalYyXvrBu+bJLpSuIPQX4TfXIE4RiBGf6rYPyoz7GdHAzQ4KBpkHMdxaRPe0zvZ7KQFpoQatvg==",
"sha1": "1824260d9e4902700a2c0c26a0e1d92be5014441"
},
"filename": "kurumi-fca-1.1.8.tgz"
}
]
}
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/kurumi-fca/MAL-2026-4597.json"