registry  /  @versini/dev-dependencies-server  /  9.0.7

@versini/dev-dependencies-server@9.0.7

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No executable package source, lifecycle hook, or entrypoint is present. No confirmed attack surface is established.

Static reason
One or more suspicious static signals were detected.
Trigger
None
Impact
No package code runs or modifies files.
Mechanism
Metadata-only package manifest
Rationale
Direct inspection shows a metadata-only package with dependencies but no install-time scripts or executable entrypoints. The scanner's git-dependency signal is not supported by the manifest.
Evidence
package.jsonCHANGELOG.mdLICENSE

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no scripts or lifecycle hooks.
    • package.json defines no main, module, bin, or browser entrypoint.
    • Package contents contain only package.json, CHANGELOG.md, and LICENSE.
    • The flagged dependency is a local workspace path, not a git dependency.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    GitDependency
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium
    MediumGit Dependency