registry  /  node-fsagent  /  4.685.42

node-fsagent@4.685.42

chunk 4.685.42

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No install-time or runtime code path executes in this package. The only unusual content is a large opaque binary payload embedded in package.json keywords, which is not referenced by code.

Static reason
No blocking static signals were detected.
Trigger
No package action activates the payload; it remains inert in package metadata.
Impact
Could stage non-inspectable data for an external consumer, but this package contains no loader or execution chain.
Mechanism
Opaque high-entropy payload carrier in metadata
Rationale
Source inspection found no executable behavior or concrete attack chain, but the unusually large opaque metadata payload is an unresolved staged-payload risk. Warn rather than block because it is inert and has no activation path in the package.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • package.json contains 274 Base64-like keyword chunks totaling 51,200 decoded bytes.
  • Decoded keyword data is opaque high-entropy binary (7.9948 bits/byte), not normal package metadata.
  • The declared description is "chunk 4.685.42", consistent with an inert data carrier rather than a usable fs agent.
Evidence against
  • package.json has no scripts, bin, main, module, browser, or dependencies.
  • index.js exists but is empty; there is no executable package source.
  • No URLs, credential access, filesystem actions, shell execution, or AI-agent configuration logic were found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

package.json contains 274 Base64-like keyword chunks totaling 51,200 decoded bytes.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence