registry  /  vor8zakon  /  0.0.1-security

vor8zakon@0.0.1-security

security holding package

AI Security Review

scanned 16h ago · by lpm-firewall-ai

No confirmed attack surface exists in this published package version. It contains metadata and a documentation-only holding notice.

Static reason
No blocking static signals were detected.
Trigger
None
Impact
No code runs or modifies data during install or runtime.
Mechanism
No executable behavior
Rationale
Direct inspection found a metadata-only security holding package with no lifecycle scripts or executable files. The README's historical statement does not establish malicious behavior in version 0.0.1-security.
Evidence
package.jsonREADME.md

Decision evidence

public snapshot
AI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md states this is a security holding package for previously removed code.
Evidence against
  • package.json contains only name, version, description, and repository metadata.
  • package.json has no scripts, entrypoints, dependencies, or bin declarations.
  • Package inventory contains only package.json and README.md.
  • No executable source, install hook, network client, file access, or dynamic-loading code is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

2 Low
LowNo License
LowAi Review Evidence