Malicious package

chai-as-type (npm)

Malicious code in chai-as-type (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-2740
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-as-type

What this malware does

chai-as-type is a malicious npm package that, when imported, downloads a C2 dropper from https://api.npoint[.]io/c26313f0733957a7d787 and executes it (similar to the malware in chai-await-test).

The package name impersonates the popular chai / chai-as-promised assertion libraries, but the code is an unrelated pino-shaped middleware whose only side effect is launching a remote-code loader. lib/caller.js issues an axios GET to https://jsonkeeper.com/b/XRGF3 (an anonymous public JSON paste host), takes the returned data.cookie string, constructs new Function.constructor('require', s), and invokes it with the live require — executing arbitrary attacker-controlled JavaScript in the installer's Node process with full module access.

The C2 URL is base64-encoded and stashed under fake DEV_API_KEY / DEV_SECRET_KEY keys on a locally redeclared process object (aHR0cHM6Ly9qc29ua2VlcGVyLmNvbS9iL1hSR0Yz decodes to the jsonkeeper URL); a sibling encoded URL .../b/4NAKK lives in lib/const.js.

The loader is reached two ways: (1) when the exported pino middleware is invoked, index.js detaches a child_process.spawn('node', ['lib/caller.js',...]); (2) the package's smoke:pino npm script runs index.js directly. The paste-host content is mutable by the attacker at any time, so each fetch can deliver fresh payloads (credential theft, persistence, etc.) without re-publishing the package.

Malicious versions

2 flagged
1.1.9, 7.0.5

Indicators of compromise (SHA-256)

ca8f85334ab437b20dd22839623379d7b662d0b6f8cce2b38e4c953196d4c48f
c48e79ab60bf33822b131a30be07b07afee7fe9feed4439ac5f43988283001ac
75650bd9993ad4d310c42309ea4f185f9ec2bca169073315a9a1604c76830e41

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for chai-as-type (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging chai-as-type across your stack and pipelines.

  2. If you installed it — respond

    chai-as-type is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If chai-as-type was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks chai-as-type before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. chai-as-type on npm has been identified as a malicious package (versions 1.1.9, 7.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2026-01916, IN-MAL-2026-003904

Credits

  • Amazon Inspector · finder
  • ReversingLabs · finder
  • indece · finder
