registry  /  node-fsagent  /  4.685.61

node-fsagent@4.685.61

chunk 4.685.61

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No active execution path is established. `package.json` carries an opaque encoded-looking metadata payload, making this an inert payload carrier with unclear future use.

Static reason
No blocking static signals were detected.
Trigger
No install-time or runtime trigger is declared.
Impact
No concrete execution or exfiltration behavior is present in this package version.
Mechanism
Opaque payload stored in manifest keywords.
Rationale
Source inspection found an unexplained inert payload but no activation mechanism or concrete harmful behavior. Treat it as suspicious metadata rather than confirmed malware.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Unknown with low false-positive risk.
Evidence for warning
  • `package.json` embeds a very large opaque base64-like payload in `keywords`.
  • The payload is not a normal keyword list and is unexplained by package metadata.
  • `index.js` is empty, so the payload is presently inert.
Evidence against
  • `package.json` has no lifecycle scripts, entrypoints, dependencies, or bin.
  • No executable source, network endpoint, credential access, shell use, or file mutation was found.
  • The package contains only `package.json` and an empty `index.js`.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` embeds a very large opaque base64-like payload in `keywords`.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence