Malicious package

chai-as-polished (npm)

Malicious code in chai-as-polished (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5901
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-as-polished

What this malware does

The package name is a one-edit typosquat of the widely used chai-as-promised, but the shipped code is unrelated to chai. The exported middleware spawns a detached, unref'd child process running lib/initializeCaller.js. That file constructs a fake process.env containing three base64-encoded fields, which decode to the URL https://tomato-brunhilda-40.tiiny.site/index.json and the header x-secret-key: _. It fetches that URL via axios and passes response.data.cookie to new Function.constructor('require', response)(require), executing arbitrary attacker-supplied JavaScript with the installer's Node require available.

The base64 staging of the URL and header has no functional purpose other than to hide the destination from cursory review. tiiny.site is an anonymous static-hosting service whose contents the author can change at any time, so the executed payload is fully attacker-controlled and mutable. Triggering requires a consumer to invoke the package's middleware, which is the documented entry point for anyone deceived by the name into installing it.

Malicious versions

1 flagged
7.0.8

Indicators of compromise (SHA-256)

b2ea0d46e0bb4382e8d684d025cb72b7f99e37874c571e9946ae1268b70be6cf

Frequently asked questions

No. chai-as-polished on npm has been identified as a malicious package (version 7.0.8 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006794

Credits

  • Amazon Inspector · finder

chai-as-polished (npm) malicious package — MAL-2026-5901 | O3 Security