registry  /  class-synth  /  0.0.1-security

class-synth@0.0.1-security

security holding package

AI Security Review

scanned 19h ago · by lpm-firewall-ai

No confirmed attack surface is present in this package version. It is an inert holding package with metadata and documentation only.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
None
Mechanism
No executable package behavior
Rationale
The inspected class-synth@0.0.1-security contents are non-executable and define no install or runtime behavior. README.md describes prior removed malware, but supplies no evidence of malicious behavior in this published holding version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is an npm security holding package after earlier malicious code was removed.
Evidence against
  • package.json contains only name, version, description, and repository metadata.
  • package.json defines no lifecycle hooks or executable entrypoints.
  • The package contains only package.json and README.md; no JavaScript, binaries, or install scripts are present.
  • No network endpoints, file writes, credential access, dynamic execution, or persistence code exists in the inspected files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence