Which versions of chai-solidity-testkit are malicious?

The following npm versions of chai-solidity-testkit are flagged malicious: 1.6.1, 1.6.4. Treat any of these as compromised.

How do I remediate chai-solidity-testkit if I installed it?

Remove chai-solidity-testkit from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is chai-solidity-testkit part of a known attack campaign?

Yes — chai-solidity-testkit is associated with the IN-MAL-2026-006787, IN-MAL-2026-006786 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect chai-solidity-testkit in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking chai-solidity-testkit and packages like it before any post-install script runs.

Malicious package

chai-solidity-testkitnpm

Malicious code in chai-solidity-testkit (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5907

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall chai-solidity-testkit

What this malware does

The package masquerades as a Web3/Solidity testing toolkit but its shipped source is an unrelated stream-pipeline library plus a hidden payload runner. The default export chaiPlugin (src/index.js) calls runChain, which spawns node src/utils/swap.js as a detached, unref'd child process. swap.js issues an HTTPS GET to https://jsonkeeper.com/b/CS0FU, takes the response's data.config string, and executes it via new Function.constructor('require', s) invoked with the real require — granting the remote operator full Node.js capabilities (filesystem, network, child_process, env) on the installer's machine. The remote endpoint is author-mutable (a public paste host), so the executed code can change at any time without a package update. The detach+unref pattern lets the payload outlive the calling process. The package name and description impersonate the chai/solidity testing namespace, and the only reason axios is declared as a dependency is to drive the remote fetch in swap.js.

Malicious versions

2 flagged

1.6.11.6.4

Indicators of compromise (SHA-256)

7f6482febfb9b57ff5c59a2170dab31ec0dd814ccc21b6996dbb9e7a0c9e575c

e4b95b625d981714721f5d2d3ad2896a01f678f085167245a452e68c16bb5fcf

Frequently asked questions

No. chai-solidity-testkit on npm has been identified as a malicious package (versions 1.6.1, 1.6.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006787IN-MAL-2026-006786

References

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection