registry  /  iwsdk  /  0.0.1-security

iwsdk@0.0.1-security

security holding package

AI Security Review

scanned 6h ago · by lpm-firewall-ai

No confirmed attack surface exists in this published placeholder version. It has no install-time or runtime entrypoint.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No executable behavior observed.
Mechanism
Metadata-only holding package
Rationale
The inspected `0.0.1-security` package is a non-executable security placeholder. Historical malicious code referenced by the README is not present in this package source.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `README.md` states this is a security holding package replacing a removed malicious release.
Evidence against
  • `package.json` has no lifecycle scripts, entrypoints, dependencies, or bin declarations.
  • Package contains only `package.json` and `README.md`; no executable source or payload files.
  • No network, filesystem-write, credential, shell, eval, or AI-agent-control behavior is present in the inspected files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence