OSV ID
MAL-2026-6931
Ecosystem
npm
Summary
On require, index.js spawns a detached background node process that runs lib/initializeCaller.js. That module axios.get()s a base64-obfuscated URL (decodes to https://amethyst-lorrin-26.tiiny.site/index.json) and passes the response's cookie field to new Function('require',...) which is then invoked with the real require , giving the remote operator arbitrary Node.js execution inside the installer's process. The URL is stored as a base64 blob decoded via atob() and wrapped in a function named initializeCaller with comments framing it as routine middleware — deliberate cover for the exfiltration/execution primitive. The package is published as chai-sdk but its entrypoint exports an object named pino with pino's DEFAULT_LEVELS, messageKey, and mirror files (lib/proto.js, lib/multistream.js, lib/redaction.js), masquerading as the popular pino logger so consumers integrate it as a benign logging dependency. Import-time fetch is from an anonymous, mutable tiiny.site host with no pinning, hash, or signature — whatever JavaScript the operator serves runs with the consumer's Node privileges.
Source: amazon-inspector (9192d163b3814064c95a23cb11e218732346628f3109517aab7697c2dcb6d016)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.