registry  /  nodemon-client  /  0.0.1-security

nodemon-client@0.0.1-security

security holding package

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed attack surface is established. The package has no lifecycle hooks or executable entrypoints.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
No source-backed malicious behavior identified.
Mechanism
Metadata-only holding package.
Rationale
Direct inspection found a two-file metadata/documentation-only package with no executable code or install-time behavior. The README's historical claim is not evidence of active malicious behavior in this published source.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` contains only package metadata; no scripts, dependencies, or entrypoints.
    • The complete package inventory contains only `package.json` and `README.md`.
    • No symlinks, executable source, install hooks, network code, or file/process operations are present.
    • `README.md` describes this as a security holding package but contains no executable content.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License