This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Potential XSS, ReDoS, and dynamic code execution exist, but no conclusive evidence of malicious intent. Classifying as not malware.
The evidences suggest potential vulnerabilities like XSS, ReDoS, and dynamic code execution/import. However, these are potential vulnerabilities and require specific conditions to be exploited. There is no concrete evidence of malicious intent or active exploitation. Next.js is a widely used framework, and these findings are likely areas for improvement rather than deliberate malicious code. Therefore, I classify the package as not malware.