tensorflowjs@0.7.0

Malicious
Verified
Analyzed at: 8/12/2025, 6:09:46 AM
Source: https://registry.npmjs.org/tensorflowjs/-/tensorflowjs-0.7.0.tgz
SHA256: 8f1e4a377215e0718596765dcacb2ba01460caecd7f842bd51423f3d5d193497
Confidence: High
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Note: This report is updated by a verification record

Package is likely malicious due to code obfuscation, arbitrary command execution via child_process.spawn, and suspicious postinstall script.

Verification Record

Malicious package targeting TensorFlow users through typosquatting. Contains code designed to steal credentials and compromise developer systems.

Malicious NPM package masquerading as the legitimate TensorFlow.js library. Uses typosquatting to target developers installing TensorFlow dependencies. Contains malicious code designed to compromise development environments.

Details

The package tensorflowjs version 0.7.0 is highly likely to be malicious due to several factors. The index.js and thanksinstall.js files contain obfuscated code, as indicated by the YARA rules js_char_code_at_substitution and js_hex_obfuscation. Furthermore, the LLM-based file evaluation service identifies thanksinstall.js as using obfuscation and executing arbitrary commands using child_process.spawn. The package.json file contains a postinstall script that executes node thanksinstall.js, which is a common technique used by malware to run malicious code after installation. These combined factors strongly suggest malicious intent.

YARA Analyzer: Medium