registry  /  node-fsagent  /  3.69.34

node-fsagent@3.69.34

7jSDluvIitKpxhdxEf0RuLQPVzxonLtrg4oU6uxzMdaFefZI7g1AmVDWj1gfrB0mulaCclc1n3AziJ54Ikdrxa2A45boLdVhyfFbdH5qqecketlZLOI1lXPhoH+RSKkOfkm5vZ7H2zPDfKYr9qbyzhW4l+nhBkK5x5h2stY4l88eGfRMNYfxz9Sh4RIMQJuo6TWxD/2zSOgtxGHnHCSC0slSms9MzOfsFulGAsCo/k7aJFpthA92u39q9MhxAsr

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No executable install-time or runtime attack surface is established. The package is an inert opaque-data carrier with no declared entrypoint or lifecycle hook.

Static reason
No blocking static signals were detected.
Trigger
None identified from package metadata or source.
Impact
No confirmed execution path; payload provenance and purpose remain unresolved.
Mechanism
Opaque binary payload stored in package metadata only.
Rationale
No concrete malicious behavior or activation path is present, but the inert opaque payload is abnormal and cannot be attributed to a benign package function.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • package.json contains a 682668-character opaque base64-like description that decodes to unclassified binary data.
  • package contains no usable source: index.js is empty and package.json has no entrypoint metadata.
Evidence against
  • package.json defines no preinstall, install, postinstall, or other lifecycle scripts.
  • No bin, main, module, browser, dependencies, or optional dependencies are declared.
  • No executable JavaScript, network endpoint, credential access, shell execution, or file mutation was found in inspected files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

package.json contains a 682668-character opaque base64-like description that decodes to unclassified binary data.

package.jsonView on unpkg
Published source reference
Medium
Ai Review Evidence

package contains no usable source: index.js is empty and package.json has no entrypoint metadata.

package.jsonView on unpkg

Findings

2 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidencepackage.json