registry  /  loader1  /  0.0.1-security

loader1@0.0.1-security

security holding package

AI Security Review

scanned 18h ago · by lpm-firewall-ai

No confirmed attack surface in this package version. It is a metadata-only security holding package.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
None established
Mechanism
No executable package behavior
Rationale
Direct inspection found no executable source or lifecycle hooks. The README's historical claim does not establish malicious behavior in loader1@0.0.1-security.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is a security holding package replacing removed malicious code.
Evidence against
  • package.json contains only package metadata; no scripts, dependencies, or entrypoints.
  • README.md and package.json are the only package files present.
  • No install-time, runtime, network, filesystem, shell, or dynamic-loading code exists.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence