registry  /  node-fsagent  /  4.685.53

node-fsagent@4.685.53

chunk 4.685.53

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No executable path is established. The manifest stores opaque binary-like data in keywords, inert in this version.

Static reason
No blocking static signals were detected.
Trigger
Package metadata retrieval or installation; no lifecycle or runtime entrypoint exists.
Impact
No demonstrated execution, exfiltration, persistence, or destructive behavior.
Mechanism
Opaque data embedded in manifest keywords without an execution path.
Rationale
The nonfunctional package contains unexplained opaque data, warranting a warning. No concrete malicious execution chain supports a publish block.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • `package.json` has 274 opaque Base64-like keyword strings totaling 68,268 characters.
  • Decoded keyword concatenation is 51 KB of untyped high-entropy data, not readable metadata.
  • The package contains no functional source; `index.js` is empty.
Evidence against
  • `package.json` declares no scripts, entrypoints, dependencies, or exports.
  • No lifecycle hook, network endpoint, file write, shell execution, or credential access exists.
  • Only `package.json` and empty `index.js` are present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` has 274 opaque Base64-like keyword strings totaling 68,268 characters.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence