registry  /  node-fsagent  /  4.685.63

node-fsagent@4.685.63

chunk 4.685.63

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time or runtime execution path is present. The only substantive content is an opaque binary payload embedded in package metadata.

Static reason
No blocking static signals were detected.
Trigger
None in the published package; a separate loader would be required.
Impact
No active impact is demonstrated, but the hidden payload is unexplained and unsuitable for a functional package.
Mechanism
Inert opaque payload carrier in package.json keywords.
Rationale
No concrete malicious execution chain exists, so blocking is not justified. The unexplained opaque payload warrants a warning rather than a clean verdict.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json stores 274 base64-like keyword strings totaling 51,200 decoded bytes.
  • The decoded data has no recognized file signature and is opaque binary.
  • The package has no apparent functional implementation beyond this opaque metadata.
Evidence against
  • package.json has no scripts, bin, main, module, browser, or dependencies.
  • index.js exists but is empty.
  • No executable source, network endpoint, credential access, shell use, or agent-control writes are present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

package.json stores 274 base64-like keyword strings totaling 51,200 decoded bytes.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence