registry  /  nottuff4  /  0.0.1-security

nottuff4@0.0.1-security

security holding package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed executable or install-time attack surface exists in this extracted version. The package is metadata and documentation only.

Static reason
No blocking static signals were detected.
Trigger
None.
Impact
None established.
Mechanism
No executable behavior.
Rationale
Static source inspection found no lifecycle hooks, entrypoints, dependencies, or executable files. This security-holder release has no concrete malicious behavior.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json contains only package metadata; no scripts, entrypoints, or dependencies.
    • README.md describes this version as a security holding placeholder.
    • Only package.json and README.md are present.
    • No execution, network, credential, shell, or agent-control primitives found.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chainNo supply-chain packaging signals triggered.
    Manifest
    NoLicense
    scanned 0 file(s), 0 B of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Low
    LowNo License