registry  /  node-fsagent  /  3.69.37

node-fsagent@3.69.37

+msDQZc3jcwdRxFDluTbJ2EW+1sJuiccQM3E+L6wjV8GdifV7IpZac5lqYy63akIacYyz71hVSWbliqdxw9crypvsL55doCjoRqXVa4BKKJT9J+HNz7UAYQKfOu5Pi413Y/lTrMPU2DWCz0DY588hlrqHBLBROI1QKAfeTgNCE3XyCxqNIUb4L/827/qdatSvuq3L7dVLgaFyseLnLYIM/Ke9gI+hNZBbCW3Cr8LEoSG7HtAgt/WchQv4keD6e7

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No executable install-time or runtime attack path is established. The sole suspicious artifact is inert opaque binary embedded in package metadata.

Static reason
No blocking static signals were detected.
Trigger
None; no lifecycle hook, entrypoint, or bin is declared.
Impact
No confirmed file access, execution, persistence, credential collection, or exfiltration.
Mechanism
Inert opaque metadata payload
Rationale
Opaque binary metadata is anomalous and unsupported by package function, but direct inspection found no activation mechanism or concrete malicious behavior. Warn rather than block for an inert payload carrier.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` stores a 682744-byte opaque base64 description payload.
  • Decoded description begins as high-entropy binary data, not package metadata.
Evidence against
  • `package.json` has only name, version, license, and description fields.
  • No preinstall/install/postinstall or other lifecycle scripts are defined.
  • No main, module, browser, bin, dependencies, or optional dependencies are declared.
  • `index.js` exists but is empty; package exposes no executable source.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` stores a 682744-byte opaque base64 description payload.

package.jsonView on unpkg

Findings

2 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence