registry  /  node-fsagent  /  4.685.48

node-fsagent@4.685.48

chunk 4.685.48

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No currently executable attack path is present. The package is an inert opaque-data carrier embedded in manifest metadata.

Static reason
No blocking static signals were detected.
Trigger
Package installation or metadata inspection; no runtime entrypoint is declared.
Impact
No direct impact established from this version; opaque payloads can support later staging or ecosystem abuse.
Mechanism
Large opaque payload stored in `keywords` without code to consume it.
Rationale
Direct inspection found no concrete malicious execution, exfiltration, persistence, or install-time mutation. The anomalous opaque manifest payload warrants a warning as an inert staged carrier rather than a block.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Unknown with low false-positive risk.
Evidence for warning
  • `package.json` is 69 KB, almost entirely opaque base64-like `keywords` entries.
  • `index.js` exists but is empty; the package exposes no functional implementation.
  • The manifest has no `main`, `bin`, dependencies, or repository metadata, inconsistent with a usable fs-agent package.
Evidence against
  • `package.json` defines no lifecycle scripts, including install-time hooks.
  • No executable source, network endpoint, credential access, shell execution, or AI-agent configuration mutation is present.
  • The opaque data has no manifest path that loads or executes it.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` is 69 KB, almost entirely opaque base64-like `keywords` entries.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumSuspicious Dependency Evidence