registry  /  node-fsagent  /  3.69.33

node-fsagent@3.69.33

+6xsnG1bQ5z5oyHAm9bLNzTQWzFJP3aCzbdB1s9Wg4Q7STk1ICAI6IiifrDbhGMzgoWbYTlUY/ueA1WW0lRhosxXONDXwkzmztQ/AGGGvTtW1V1mDMaPExNJzzzjsHp6kA+rxrEq4k5OMqyaEiz3Bt+al6ZS6e5Vps/AxMdNZ9qGmAAjI0k4er8mXDx8gWcw840+T9LnDPIs4F3AH2NAx89VhMnDnQAxjpwnNwAbw0x+wLzZOAwTO/NKsoJiknN

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No install-time or runtime execution path is present. The manifest contains a large opaque metadata payload, creating an inert carrier risk but no confirmed active attack surface.

Static reason
No blocking static signals were detected.
Trigger
None observed
Impact
Potential staging or downstream parser risk; no active behavior confirmed
Mechanism
Opaque payload embedded in package metadata
Rationale
No concrete malicious execution, persistence, exfiltration, or install-time mutation was found. The anomalously large opaque manifest payload warrants a warning as a staged payload carrier rather than a block.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Unknown with low false-positive risk.
Evidence for warning
  • `package.json` is 682744 bytes despite only metadata.
  • `package.json` stores an unusually large opaque encoded-looking `description` value.
  • `index.js` is empty; the opaque data is currently inert.
Evidence against
  • `package.json` has no `scripts` or lifecycle hooks.
  • No `main`, `module`, `browser`, or `bin` entrypoint is declared.
  • No dependencies, network endpoints, executable code, or file operations were found.
  • `index.js` is zero bytes.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` is 682744 bytes despite only metadata.

package.jsonView on unpkg
Published source reference
Medium
Ai Review Evidence

`package.json` stores an unusually large opaque encoded-looking `description` value.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidencepackage.json
MediumAi Review Evidence