registry  /  node-fsagent  /  4.685.59

node-fsagent@4.685.59

chunk 4.685.59

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No executable attack surface is confirmed. The only nonstandard content is opaque data stored in manifest keywords, but package source does not decode or use it.

Static reason
No blocking static signals were detected.
Trigger
No install-time or runtime trigger is present.
Impact
No observed credential access, filesystem mutation, network access, or code execution.
Mechanism
Inert manifest-resident encoded data with no package execution path.
Rationale
Source inspection found an empty `index.js` and a manifest with no entrypoint or lifecycle scripts. Opaque keyword data is suspicious-looking but inert within this package, with no concrete malicious chain.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `package.json` contains 274 opaque base64-like keyword strings (inert embedded payload data).
Evidence against
  • `package.json` has no `scripts`, `main`, `bin`, dependencies, or lifecycle hooks.
  • `index.js` is empty, so importing the package executes no JavaScript.
  • No process, filesystem, network, shell, or dynamic-code APIs appear in package source.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Low
Ai Review Evidence

`package.json` contains 274 opaque base64-like keyword strings (inert embedded payload data).

package.jsonView on unpkg

Findings

1 Low
LowAi Review Evidencepackage.json