registry  /  node-fsagent  /  4.685.62

node-fsagent@4.685.62

chunk 4.685.62

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed executable attack surface. The package has no install hook or runtime entrypoint, and its only code file is empty.

Static reason
No blocking static signals were detected.
Trigger
None identified.
Impact
No source-backed malicious behavior established.
Mechanism
Inert manifest metadata only.
Rationale
Despite anomalously large opaque keyword metadata, direct inspection found no path that executes or decodes it: no lifecycle scripts, entrypoints, dependencies, or code exist. This is an inert metadata payload rather than a demonstrated attack chain.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `package.json` contains 274 opaque base64-like keyword strings (68,268 characters).
  • Decoded keyword concatenation is binary data with no readable payload strings.
Evidence against
  • `package.json` has no lifecycle scripts, dependencies, entrypoints, bin, or exports.
  • `index.js` exists but is empty (0 bytes).
  • Package contains only `package.json` and empty `index.js`; no executable source or binary was found.
  • No network endpoints, filesystem actions, shell APIs, credential access, or agent-control writes were present in inspected source.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Low
Ai Review Evidence

`package.json` contains 274 opaque base64-like keyword strings (68,268 characters).

package.jsonView on unpkg

Findings

2 Low
LowAi Review Evidencepackage.json
LowAi Review Evidence