registry  /  rbxts-chrono  /  2.1.4

rbxts-chrono@2.1.4

TypeScript types for Chrono - Custom Character Replication for Roblox

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface in this package. Runtime behavior is a Roblox module wrapper around its declared dependency.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer requires the Roblox module at runtime.
Impact
No package-local persistence, exfiltration, destructive action, or remote execution is established.
Mechanism
Re-exports Chrono dependency modules.
Rationale
The Git dependency is a supply-chain consideration but not evidence of malicious behavior in the inspected package. The shipped code contains only type definitions and a direct Roblox dependency re-export wrapper.
Evidence
package.jsonsrc/init.luasrc/index.d.tsdefault.project.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json declares chrono-lua from a Git repository rather than npm.
Evidence against
  • package.json has no scripts or lifecycle hooks.
  • src/init.lua only imports and re-exports chrono-lua Roblox modules.
  • No network, filesystem, shell, dynamic-code, or credential APIs appear in package source.
  • src/index.d.ts is type declarations only.
  • default.project.json only maps the Roblox project tree to src.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
GitDependency
scanned 0 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Low
Ai Review Evidence

package.json declares chrono-lua from a Git repository rather than npm.

package.jsonView on unpkg

Findings

1 Medium1 Low
MediumGit Dependency
LowAi Review Evidencepackage.json