registry  /  marked-prettier  /  0.0.1-security

marked-prettier@0.0.1-security

security holding package

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed executable attack surface exists in this extracted package. The manifest contains metadata only and the README is informational.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No package-originated runtime, install-time, persistence, or exfiltration behavior established.
Mechanism
No executable behavior present.
Rationale
Direct inspection found only a metadata-only manifest and an informational README. Although the README says an earlier package was removed for malicious code, this holding version contains no executable source or install hook.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts, entrypoints, dependencies, or executable configuration.
    • Only package files are package.json and README.md.
    • README.md is a non-executable security-placeholder notice.
    • No network, shell, dynamic loading, credential access, or agent-control code is present.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License