registry  /  node-fsagent  /  3.69.31

node-fsagent@3.69.31

CLThENyaT5IQc3zhYEG4aHuHeS59AHqo9R78AKgq/pIueo+ICjiJgAiQwYP3ZaYJ9AbCpeTTXBNHAZr6yPihO3fwxkRZ4Vp7w3zmpNXEfNFra1CxO6Qd+D4KnTDgzBhsDgsi5zqGRTMpMW/0fz0HqamMJgc94zp++lVf72CoWeYgB08imGsHDRctEzniHW5Y4Hw3naBstA/cBGDdI+iPP0sc84zZ5HDaw+pjvEUs2Pveh0eodjRg5jtgZj1gZjn

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No executable package attack surface is established. The only unusual content is an inert opaque binary blob stored in the manifest description.

Static reason
No blocking static signals were detected.
Trigger
Package metadata read or registry display only; no install-time or runtime entrypoint is declared.
Impact
No source path executes, writes files, accesses credentials, or makes network requests.
Mechanism
Opaque inert payload carrier in manifest metadata.
Rationale
The manifest blob is abnormal and unexplained, but it has no observed execution or delivery mechanism. This merits a warning rather than a block.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` contains a 682,668-character opaque base64 description blob.
  • Decoded description is high-entropy binary data, not a normal package description.
  • The package has no functional source: `index.js` is empty.
Evidence against
  • `package.json` declares no lifecycle scripts.
  • `package.json` declares no entrypoint, bin, dependencies, or optional dependencies.
  • No executable source, network endpoint, shell invocation, credential access, or file-write logic was found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` contains a 682,668-character opaque base64 description blob.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence