AI Security Review
scanned 3h ago · by lpm-firewall-aiNo install-time or runtime attack path is present in the inspected files. The manifest contains a large opaque data blob but no code references or decodes it.
Static reason
No blocking static signals were detected.
Trigger
None established
Impact
No confirmed execution or exfiltration; embedded payload-like data is unexplained.
Mechanism
Inert opaque manifest data carrier
Rationale
No concrete malicious execution chain exists, but the package is an unexplained inert opaque-data carrier. Flag it for warning without blocking publication.
Evidence
package.jsonindex.js
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json is 69 KB and stores opaque base64-like blobs in keywords.
- index.js exists but is empty; no source explains the embedded data.
Evidence against
- package.json has no scripts, bin, main, dependencies, or install hooks.
- index.js contains no executable code.
- No network, subprocess, filesystem, environment, or dynamic-loading calls were found.
Behavioral surface
Trivial
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•Published source reference
Medium
Ai Review Evidence
package.json is 69 KB and stores opaque base64-like blobs in keywords.
package.jsonView on unpkgFindings
2 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence