Malicious package: chai-plugin (npm)

Malicious code in chai-plugin (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5904
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-plugin

What this malware does

The package name chai-plugin impersonates the popular chai assertion library: the README and copyright headers reference chaijs.com and chaijs/chai, but the homepage is the lookalike chaiplugin.com and the author is unrelated to chai's real maintainer. Two obfuscator.io payloads (hex-named identifiers, a rotated string array with a base64+URI custom decoder, control-flow obfuscation, an arithmetic self-check) are grafted onto otherwise legitimate chai source:

(1) lib/chai/utils/assertion.js builds a URL with a query parameter, calls require('http'|'https').get(url, ...), accumulates the response body, then executes the bytes via new Function('require', body)(require). This is an import-time dropper: it runs whatever JavaScript the remote server currently serves, with full Node require capability.

(2) lib/chai.js destructures spawn from child_process and unconditionally invokes a top-level function that runs spawn(<cmd>, [path.join(__dirname, <sibling>), JSON.stringify(opts)], {detached: true, stdio: ...}).unref(), backgrounding a malicious worker that survives the parent process.

Both fire at module load via index.js -> require('./lib/chai'). The combination of a typosquat name, obfuscation smuggled onto legitimate source, network fetch-and-eval, and a detached subprocess launch marks this as a malicious supply-chain dropper.

Malicious versions

4 flagged: 4.5.2, 4.5.3, 4.5.4, 4.5.5

Indicators of compromise (SHA-256)

67e08b149ec19ba5622783cfdf864741264b5f6cbe5f56a15c8553c6f1ab5106
d8288900390b603834b85d1945f829d1c5386bd7cbca56ded07b27557ddb4d0f
955522a906103bb6eae62759721a35b120cdaffd1d2747a2f1b73b37c6d2d1db
9bbe8cb82be82f91cf6332988d29fcdd4e7574f766af4d524ce5c08edc9f94f6

Frequently asked questions

No. chai-plugin on npm has been identified as a malicious package (versions 4.5.2, 4.5.3, 4.5.4, 4.5.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006789
IN-MAL-2026-006796
IN-MAL-2026-006792
IN-MAL-2026-006788

Credits

  • Amazon Inspector · finder

Source: O3 Security (Supply-chain protection), chai-plugin (npm) malicious package, MAL-2026-5904