registry  /  @versini/dev-dependencies-client  /  13.0.7

@versini/dev-dependencies-client@13.0.7

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed attack surface is established from the shipped package files. The package is a dependency bundle manifest plus changelog/license, with no executable entrypoint or lifecycle hook.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install resolves declared dependencies only; no package-owned code runs
Impact
No malicious behavior identified in package-owned source
Mechanism
dependency manifest package
Rationale
Static source inspection found no executable package code, lifecycle hooks, or malicious primitives. The suspicious scanner signal is a non-executing repository/local-workspace dependency metadata issue rather than concrete attack behavior.
Evidence
package.jsonCHANGELOG.mdLICENSE
Network endpoints3
github.com/aversini/dev-dependencies/tree/main/packages/clientgit@github.com:aversini/dev-dependencies.gitgithub.com/versini-org/dev-dependencies

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no scripts, bin, main, module, or browser entrypoints.
    • Package contents are only package.json, CHANGELOG.md, and LICENSE.
    • No install-time or import-time package code is present.
    • No credential/env harvesting, filesystem mutation, child_process, eval, native loading, or exfiltration code found.
    • Scanner git-dependency hint is explained by repository metadata and a local workspace dependency string, not executable code.
    • CHANGELOG.md only documents dependency/version updates.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    GitDependency
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium
    MediumGit Dependency