Malicious package

chai-as-tokenized (npm)

Malicious code in chai-as-tokenized (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5902
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-as-tokenized

What this malware does

The package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper.

The exported middleware (advertised as chai.use(chaiAsTokenized)) spawns lib/initializeCaller.js as a detached node child with stdio:'ignore' and child.unref(), hiding output and surviving parent exit. The child shadows the process global with a fake object whose env values are base64 strings, atob-decodes them to obtain https://amethyst-lorrin-26.tiiny.site/index.json and the header x-secret-key: _, fetches JSON from that anonymous tiiny.site endpoint, and passes the response's cookie field to new Function.constructor('require', response) invoked with the live require — granting the remote, attacker-controlled host arbitrary code execution inside the consuming process with full module access.

Combined signals: name-impersonation of a popular chai plugin, README mismatch with shipped code, base64-obfuscated C2 URL, anonymous static-file host (not a publisher domain), detached-and-silenced child spawn, and remote response evaluated as JavaScript.

Malicious versions

1 flagged
7.2.3

Indicators of compromise (SHA-256)

55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485

Frequently asked questions

No. chai-as-tokenized on npm has been identified as a malicious package (version 7.2.3 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006793

Credits

  • Amazon Inspector · finder

chai-as-tokenized (npm) malicious package — MAL-2026-5902 | O3 Security