registry  /  node-fsagent  /  4.685.3

node-fsagent@4.685.3

chunk 4.685.3

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No executable attack path is established. The package is an inert metadata payload carrier with unusually large opaque keyword data.

Static reason
No blocking static signals were detected.
Trigger
npm metadata consumption or package installation
Impact
No runtime behavior is reachable from the inspected package contents.
Mechanism
opaque metadata payload without shipped execution
Rationale
Source inspection found no concrete malicious execution, exfiltration, persistence, or control-surface mutation. The anomalous opaque metadata warrants a warning because it may be used as a staged carrier despite being inert here.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json contains a very large opaque encoded-looking keywords array.
  • package.json describes itself only as "chunk 4.685.3", inconsistent with the package name.
Evidence against
  • package.json has no lifecycle scripts, entrypoint, bin, dependencies, or install hooks.
  • index.js exists but is empty; no executable source is shipped.
  • No network endpoints, file access, shell execution, or credential handling appears in inspected files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

package.json contains a very large opaque encoded-looking keywords array.

package.jsonView on unpkg
Published source reference
Medium
Ai Review Evidence

package.json describes itself only as "chunk 4.685.3", inconsistent with the package name.

package.jsonView on unpkg

Findings

2 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidencepackage.json