
Malicious code in chai-plugin-helper (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5905
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall chai-plugin-helper

What this malware does

chai-plugin-helper poses as a chai plugin and ships a verbatim copy of chai's public API (index.js, lib/chai.js, the expect/should/assert exports, the version string '4.3.8', and chai's own description), so it works as a drop-in replacement. On require('chai-plugin-helper'), line 8 of index.js spawns a detached background node process that runs lib/chai/utils/assertion.js:

const child = spawn("node", [assertion, JSON.stringify(args)], { detached: true, stdio: "ignore" })

assertion.js is obfuscator.io-encoded: a rotated 31-entry string array is decoded through a base64-plus-URI-decode chain, and identifiers are hex-named (_0x479d3b, _0x4a30, etc.). Once deobfuscated, the file performs an HTTP(S) GET to a URL assembled from the encoded constants and passes the response body into new Function(_0x154837[...],_0x375b9e), invoked with the installer's require, which executes attacker-controlled remote code with full Node privileges.

The copyright header has been changed to 'Anton Lane' while the rest of chai's source is copied verbatim, so installers see a working assertion library and do not notice the dropper running in the background. The combination of namespace impersonation, a drop-in API, obfuscation wrapping specifically the fetch-and-execute path, and remote code execution at require time is an unambiguous supply-chain attack.

Malicious versions

4 flagged

  • 1.7.3
  • 1.7.4
  • 1.7.5
  • 1.7.6

Indicators of compromise (SHA-256)

1fa6d8a2f11a6c11671dc44321aa39d39c989ff466f328a5b04039ad5f1d5bbd
3d742faa5ee42e676405c26b997801e84fd9b113d1f6c63d66848460eec6f1f0
d0f3dcd179bd9b9cde43861ed9227050facb703cd3205b0aef4673f3c2db6abb
ddf8b1cc2e3c780dc0ac44e7691f14f2031f0aca1e1c207f1c15c0815471358b

Frequently asked questions

No. chai-plugin-helper on npm has been identified as a malicious package (versions 1.7.3, 1.7.4, 1.7.5, 1.7.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-006798
  • IN-MAL-2026-006800
  • IN-MAL-2026-006797
  • IN-MAL-2026-006799

Credits

  • Amazon Inspector · finder

chai-plugin-helper (npm) malicious package — MAL-2026-5905 | O3 Security