registry  /  speed4  /  0.0.1-security

speed4@0.0.1-security

security holding package

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed attack surface exists in this package version. It contains metadata and a documentation-only security placeholder.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No install-time or runtime package action.
Mechanism
No executable behavior
Rationale
Direct inspection shows speed4@0.0.1-security is a non-executable holding package. The README's historical statement does not establish malicious behavior in the inspected version.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is a security holding package for a removed malicious package.
Evidence against
  • package.json has no scripts, dependencies, bin, or runtime entrypoints.
  • Package contains only package.json and README.md.
  • No executable source, network endpoint, file mutation, or payload is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence