MAL-2026-6393

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-as-predicted/MAL-2026-6393.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6393
Published
2026-06-24T14:04:35Z
Modified
2026-06-24T15:18:03.729467203Z
Summary
Malicious code in chai-as-predicted (npm)
Details

Source: amazon-inspector (fd7a2ff71dd341d02986c8185ea9eb18196b782f0efd9103859c0493c9f4cc78)

Package name 'chai-as-predicted' impersonates the popular 'chai-as-promised' assertion library, but ships unrelated code disguised as pino logger internals. The exported middleware in index.js spawns a detached background Node process running lib/initializeCaller.js as soon as a consumer invokes it. lib/initializeCaller.js base64-decodes a hardcoded URL (https://amethyst-lorrin-26.tiiny.site/index.json) and a custom 'x-secret-key' header, performs an HTTP GET with retries, and passes the response body's .data.cookie field to new Function.constructor('require', response), which is then invoked with the real require — executing attacker-controlled JavaScript with full Node privileges on the installer's machine. The C2 URL and headers are stored as base64 strings inside a fake process.env object and decoded with atob() at runtime to evade plaintext URL scanning. The destination is an anonymous free-hosting domain with mutable, unauthenticated content. Consumers tricked by the typosquat name into requiring this package and calling its middleware will execute arbitrary remote code.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "6.0.3"
            ],
            "modified_time": "2026-06-24T14:04:35Z",
            "sha256": "fd7a2ff71dd341d02986c8185ea9eb18196b782f0efd9103859c0493c9f4cc78",
            "id": "IN-MAL-2026-007434",
            "source": "amazon-inspector",
            "import_time": "2026-06-24T15:01:17.658619429Z"
        }
    ]
}
References
Credits

Affected packages

npm / chai-as-predicted

Package: npm / chai-as-predicted
Affected ranges: 6.*
Affected versions: 6.0.3

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "chai-as-predicted-6.0.3.tgz",
            "hashes": {
                "sha512_sri": "sha512-V58+AhpX19dScEOd/IlDUVIOESLZ4Y+CSCn5De+481pYz9TU7ycY36Kyo9GDykPkD/2WvogAi4y3w2HGE20VZw==",
                "sha1": "12ba4f74bd2766d0b306423f01c55a629bf16a6c"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "package.json",
            "tlsh": "6f019c60de788e2300ed25825c2a064376619c136928fc1932d7512c0f9d5bf11bf21d",
            "sha256": "1037a15b22b9c3c153dbd9d25e41d0bb2b8f05d9063d859d17235470375821b2"
        },
        {
            "path": "lib/initializeCaller.js",
            "tlsh": "f111008d61fc200c056512e6b22f18116022e4273d4ad4e47adc83470f9627fbd536df",
            "sha256": "2a41c6b7c5e256d70f884c613c6412ef73d86f8cd8a65afe6afb64fabaf4e022"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-as-predicted/MAL-2026-6393.json"