This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Package uses eval for global context, exhibits obfuscation, and triggers python_exec_complex YARA rules, suggesting malicious intent.
The package @peculiar/x509 version 1.14.0 exhibits several suspicious behaviors that suggest it may be malicious. Specifically, the YARA rule python_exec_complex is triggered in x509.cjs.js and x509.es.js. While the rule name is misleading for JavaScript files, the matched string exec(pvtsutils.Convert.ToHex(guid)) indicates potentially dangerous code execution. Furthermore, the file x509.js triggers js_many_parseInt, suggesting obfuscation. Most importantly, the LLM Based File Evaluation Service flagged the use of eval in x509.js to obtain the global this context. Although the intention might be benign, eval introduces a significant security risk by allowing arbitrary code execution. The combination of obfuscation and eval makes the package highly suspect.