registry  /  node-fsagent  /  4.685.55

node-fsagent@4.685.55

chunk 4.685.55

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No executable attack path is established. The package ships an opaque binary payload in metadata but no package code or manifest entrypoint consumes it.

Static reason
No blocking static signals were detected.
Trigger
None identified.
Impact
No activated behavior observed; the hidden payload is unexplained.
Mechanism
Inert opaque payload carrier in package metadata.
Rationale
No concrete malicious behavior can run from the inspected source, but the metadata-only opaque payload is abnormal and unresolved. Treat as a warning rather than a block.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Unknown with low false-positive risk.
Evidence for warning
  • package.json contains 274 base64-like keyword strings totaling 68,268 characters.
  • Concatenated keywords decode to opaque binary data with no recognizable header or useful strings.
  • index.js is empty; no source consumes the embedded data.
Evidence against
  • package.json has no scripts, bin, main, module, browser, or dependencies.
  • The package contains only package.json and an empty index.js.
  • No install-time hook, network endpoint, file access, shell execution, or credential handling is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

package.json contains 274 base64-like keyword strings totaling 68,268 characters.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence