registry  /  micro-ui-loader  /  0.0.1-security

micro-ui-loader@0.0.1-security

security holding package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed executable attack surface exists in this package version. It is a metadata-only security holding package with no lifecycle hooks or entrypoints.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No package-originated runtime, install-time, network, or filesystem action established.
Mechanism
No executable behavior declared
Rationale
Direct inspection found only a minimal manifest and README with no executable code or declared execution paths. The README's historical claim does not establish malicious behavior in this published placeholder version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is a security holding package for a removed package.
Evidence against
  • package.json has no scripts, bin, main, module, browser, or dependencies.
  • Only package.json and README.md are present; no executable source or payload files exist.
  • No install-time hooks, network endpoints, file writes, shell execution, or dynamic loading are declared.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence