registry  /  node-fsagent  /  4.685.49

node-fsagent@4.685.49

chunk 4.685.49

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed attack surface is established. The package contains an empty JavaScript file and a metadata-only manifest.

Static reason
No blocking static signals were detected.
Trigger
None; package installation and import expose no declared executable entrypoint.
Impact
No confirmed credential access, exfiltration, execution, persistence, or destructive action.
Mechanism
No runtime behavior present.
Rationale
Direct inspection found no lifecycle scripts or runtime source behavior. The opaque manifest keywords are anomalous but inert without code that reads or executes them.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no scripts, bin, main, module, browser, or dependencies.
    • index.js is empty (0 bytes).
    • No executable entrypoint, lifecycle hook, network endpoint, or file/process API exists in inspected source.
    • The 274 opaque keyword strings are manifest metadata only and are not referenced by code.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chain
    Trivial
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    0
    No findings.