registry  /  @cw-ui/micro-ui-loader  /  0.0.1-security

@cw-ui/micro-ui-loader@0.0.1-security

security holding package

AI Security Review

scanned 32m ago · by lpm-firewall-ai

No confirmed attack surface exists in this extracted version. The package contains only metadata and a README.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No package-originated execution, persistence, file access, or network activity established.
Mechanism
No executable package behavior
Rationale
Direct inspection found no executable files, lifecycle hooks, entrypoints, dependencies, or suspicious primitives. The README's claim about a prior package state is unverified text and does not make this holding-package version malicious.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json contains only package metadata; no lifecycle scripts or executable entrypoints.
    • Package contents are limited to package.json and README.md.
    • No source code, dependencies, network endpoints, or install/import execution paths are present.
    • README.md is informational only; its historical claim is not executable evidence.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License