registry  /  node-fsagent  /  4.685.52

node-fsagent@4.685.52

chunk 4.685.52

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No active attack surface is established. The manifest carries opaque binary data in `keywords`, but no package code loads or executes it.

Static reason
No blocking static signals were detected.
Trigger
No install or runtime trigger present.
Impact
No observed execution or exfiltration; payload is an unexplained staged carrier.
Mechanism
Inert opaque binary payload embedded in manifest metadata.
Rationale
No concrete malicious behavior executes in this package. The unexplained opaque payload is incompatible with a clean package and is flagged as a staged payload carrier.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • `package.json` has 274 opaque base64-like keyword strings.
  • Concatenated keywords decode to unrecognized binary data.
  • `index.js` is empty; the payload is inert in this package.
Evidence against
  • `package.json` defines no lifecycle scripts.
  • No `main`, `bin`, module, or dependency entrypoints exist.
  • No source invokes network, shell, filesystem, or dynamic execution APIs.
  • No install-time or import-time code is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` has 274 opaque base64-like keyword strings.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence