registry  /  node-fsagent  /  4.685.46

node-fsagent@4.685.46

chunk 4.685.46

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No executable install-time or runtime attack surface is established. The package consists of metadata plus an empty index file; opaque keywords are inert metadata.

Static reason
No blocking static signals were detected.
Trigger
None; package installation does not declare lifecycle scripts or an executable entrypoint.
Impact
No source-backed execution, exfiltration, persistence, or file mutation path exists.
Mechanism
Inert oversized metadata payload
Rationale
Direct inspection found no code path capable of executing the opaque metadata or performing harmful actions. The unusual keyword payload is inert and does not justify a blocking or warning verdict without a reachable mechanism.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json contains 274 opaque high-entropy keyword strings totaling 68,268 characters.
  • index.js exists but is empty; the package exposes no executable source.
Evidence against
  • package.json has only name, version, license, description, and keywords.
  • No scripts, bin, main, module, browser, dependencies, or optionalDependencies are declared.
  • No install lifecycle hook or runtime entrypoint exists.
  • No network, filesystem, shell, dynamic execution, or credential-access code was found in package files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Low
Ai Review Evidence

package.json contains 274 opaque high-entropy keyword strings totaling 68,268 characters.

package.jsonView on unpkg

Findings

2 Low
LowAi Review Evidencepackage.json
LowAi Review Evidence