registry  /  node-fsagent  /  4.685.10

node-fsagent@4.685.10

chunk 4.685.10

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time or runtime attack surface is confirmed. The package distributes a large opaque metadata payload but has no declared executable entrypoint or lifecycle hook.

Static reason
No blocking static signals were detected.
Trigger
Installing or inspecting package metadata.
Impact
No direct execution is established; the opaque carrier could support a later external decoding or repackaging chain.
Mechanism
Inert opaque payload stored in package keywords.
Rationale
No direct malicious behavior can run from this package as shipped, but the unexplained opaque payload and absence of functionality warrant a warning rather than a clean verdict.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • `package.json` contains a 69 KB opaque base64-like `keywords` payload.
  • `index.js` is empty, leaving the package as metadata-only payload storage.
  • The manifest describes itself only as `chunk 4.685.10`, with no stated functional interface.
Evidence against
  • `package.json` has no `scripts` lifecycle hooks.
  • No `main`, `bin`, `module`, `browser`, or dependencies are declared.
  • No executable source, network endpoint, credential access, or file mutation was found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` contains a 69 KB opaque base64-like `keywords` payload.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence