tensorflowjs@0.7.0

Suspicious
Analyzed at: 8/12/2025, 6:09:46 AM
Source: https://registry.npmjs.org/tensorflowjs/-/tensorflowjs-0.7.0.tgz
SHA256: 8f1e4a377215e0718596765dcacb2ba01460caecd7f842bd51423f3d5d193497
Confidence: Medium

Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Package is likely malicious due to code obfuscation, arbitrary command execution via child_process.spawn, and suspicious postinstall script.

Details

The package tensorflowjs version 0.7.0 is highly likely to be malicious due to several factors. The index.js and thanksinstall.js files contain obfuscated code, as indicated by the YARA rules js_char_code_at_substitution and js_hex_obfuscation. Furthermore, the LLM-based file evaluation service identifies thanksinstall.js as using obfuscation and executing arbitrary commands using child_process.spawn. The package.json file contains a postinstall script that executes node thanksinstall.js, which is a common technique used by malware to run malicious code after installation. These combined factors strongly suggest malicious intent.