registry  /  node-fsagent  /  4.685.44

node-fsagent@4.685.44

chunk 4.685.44

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No executable attack path is present. The package ships a large opaque manifest-data blob that is inert within this package.

Static reason
No blocking static signals were detected.
Trigger
Package download or metadata inspection.
Impact
No runtime activation or concrete impact is established from package source alone.
Mechanism
Opaque base64-like data embedded in manifest keywords.
Rationale
The opaque payload-like metadata is unexplained and unsuitable for a normal npm package, but direct inspection found no executable malicious behavior. Treat as an inert staged-payload carrier rather than a publish-blocking compromise.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` contains ~69 KB of opaque base64-like keyword data.
  • Package has no apparent declared functionality beyond an empty `index.js`.
Evidence against
  • `package.json` has no lifecycle scripts, dependencies, bin, or entrypoint overrides.
  • `index.js` is empty; no install-time or import-time code exists.
  • No network endpoints, shell execution, credential access, file writes, or dynamic execution found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` contains ~69 KB of opaque base64-like keyword data.

package.jsonView on unpkg

Findings

2 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence