registry  /  node-fsagent  /  4.685.77

node-fsagent@4.685.77

chunk 4.685.77

AI Security Review

scanned 3h ago · by lpm-firewall-ai

`package.json` carries an opaque 51,200-byte binary payload encoded in metadata. No source path executes, decodes, writes, or sends that payload in this archive.

Static reason
No blocking static signals were detected.
Trigger
None identified; there is no lifecycle hook or runtime entrypoint.
Impact
No active execution or exfiltration is established, but the unexplained payload warrants a warning.
Mechanism
Inert opaque payload carrier in manifest keywords.
Rationale
No concrete malicious execution chain is present, so blocking is not justified. The large encoded binary payload in manifest metadata is anomalous and has no package-aligned purpose or activation path.
Evidence
package.jsonindex.js

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • `package.json` embeds 68,268 Base64 characters across 274 `keywords` values.
  • The decoded metadata payload is 51,200 bytes of opaque binary data.
  • The package has no apparent functional implementation beyond this encoded payload.
Evidence against
  • `package.json` has no lifecycle `scripts`, dependencies, or declared entrypoint.
  • `index.js` exists but is empty.
  • Only `package.json` and `index.js` are present; no executable loader or network code was found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
Trivial
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` embeds 68,268 Base64 characters across 274 `keywords` values.

package.jsonView on unpkg

Findings

3 Medium
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence