registry  /  nodemon-eslint  /  0.0.1-security

nodemon-eslint@0.0.1-security

security holding package

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed attack surface is present in this extracted version. It is a metadata-only security holding package with no lifecycle hooks or executable entrypoints.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No source-confirmed malicious behavior
Mechanism
No executable package behavior
Rationale
Direct inspection found only a manifest and a holding-package README, with no install-time or runtime code. The README's historical claim does not establish malicious behavior in this published placeholder version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json contains only package metadata; no scripts or entrypoints.
    • Only packaged files are package.json and README.md.
    • README.md identifies this release as a security holding placeholder.
    • No executable code, dependencies, network endpoints, or install hooks found.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License