AI Security Review
scanned 23m ago · by lpm-firewall-aiNo confirmed attack surface is established. The sole lifecycle-related command invokes an empty entrypoint.
Static reason
No blocking static signals were detected.
Trigger
`prepare` lifecycle execution
Impact
No observed mutation, exfiltration, persistence, or remote execution.
Mechanism
Executes empty `index.js`
Rationale
Direct inspection found an empty runtime entrypoint and no malicious behavior. The `prepare` hook has no effective payload.
Evidence
package.jsonindex.js
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` defines only a `prepare` script: `node index.js || true`.
- `index.js` is empty; it contains no executable source, file operations, network use, or payload.
- Package contains only `package.json` and `index.js`.
Behavioral surface
Trivial
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
3 Low
LowNon Install Lifecycle Scripts
LowScripts Present
LowNo License