registry  /  @versini/dev-dependencies-client  /  13.0.8

@versini/dev-dependencies-client@13.0.8

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed attack surface. The published archive contains manifest metadata and documentation only, with no install or runtime entrypoint.

Static reason
One or more suspicious static signals were detected.
Trigger
None
Impact
No package-originated execution, persistence, exfiltration, or destructive action established.
Mechanism
No executable package code or lifecycle hook
Rationale
Direct inspection found no executable payload, lifecycle hook, or entrypoint. The scanner signal is a false positive caused by the manifest repository URL.
Evidence
package.jsonCHANGELOG.mdLICENSE

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no lifecycle scripts or bin/main/module/browser entrypoints.
    • Package contains only `package.json`, `CHANGELOG.md`, and `LICENSE`; no executable source or binaries.
    • No credential, environment, filesystem, network, shell, eval, or agent-control code exists in the package.
    • The flagged git URL is repository metadata, not a git dependency.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    GitDependency
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium
    MediumGit Dependency