registry  /  testdonotredeemit  /  0.0.1-security

testdonotredeemit@0.0.1-security

security holding package

AI Security Review

scanned 20h ago · by lpm-firewall-ai

No confirmed attack surface is present in the extracted package. The manifest has no lifecycle hooks or runtime entrypoints, and the only other file is documentation.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No package code executes or modifies files.
Mechanism
metadata-only holding package
Rationale
Direct inspection found a two-file package containing only metadata and a historical security notice. The README's claim about prior malicious code is not evidence of malicious behavior in this published source.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md: historical claim that a prior package was removed.
Evidence against
  • package.json contains metadata only; no scripts or entrypoints.
  • Package inventory contains only package.json and README.md.
  • No executable files, dependencies, network code, or payload files found.
  • README.md is documentation only and has no executable mechanism.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence