registry  /  @amedit/vercel-builder-probe  /  0.0.1-security

@amedit/vercel-builder-probe@0.0.1-security

security holding package

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No current attack surface is established. The published package is a non-executable holding placeholder.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No install-time or runtime behavior is defined.
Mechanism
Manifest and documentation only.
Rationale
Direct inspection shows a placeholder package with no executable entrypoints or lifecycle hooks. The README's historical claim is not evidence of malicious behavior in this package version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `README.md` says this is a security holding package for previously removed code.
Evidence against
  • `package.json` has no scripts, dependencies, bin, main, module, or browser entrypoints.
  • Package contains only `package.json` and `README.md`; no executable source or payload files exist.
  • No network endpoints, filesystem mutation, credential access, shell execution, or dynamic loading is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence