chai-as-tokenized @7.2.3

Summary

Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper. The exported middleware (advertised as chai.use(chaiAsTokenized) ) spawns lib/initializeCaller.js as a detached node child with stdio:'ignore' and child.unref() , hiding output and surviving parent exit. The child shadows the process global with a fake object whose env values are base64 strings, atob-decodes them to obtain https://amethyst-lorrin-26.tiiny.site/index.json and the header x-secret-key: _ , fetches JSON from that anonymous tiiny.site endpoint, and passes the response's cookie field to new Function.constructor('require', response) invoked with the live require — granting the remote, attacker-controlled host arbitrary code execution inside the consuming process with full module access. Combined signals: name-impersonation of a popular chai plugin, README mismatch with shipped code, base64-obfuscated C2 URL, anonymous static-file host (not a publisher domain), detached-and-silenced child spawn, and remote response evaluated as JavaScript.

Source: amazon-inspector (55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485)