@img/sharp-libvips-linux-x64@1.2.3

Safe
Analyzed at: 9/17/2025, 10:35:50 AM
Source: https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.3.tgz
SHA256: 717fa0efc035397b7126ea23cabf2b09b9afef57d87c806a0c9f7a1ffbf597e9
Confidence: Medium
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.

Package contains a shared object file, likely part of the libvips library. Unusual extension, but not inherently malicious.

Details

The package @img/sharp-libvips-linux-x64 version 1.2.3 contains a shared object file (libvips-cpp.so.8.17.2). Although the extension .2 is unusual and triggers an "Extension Mismatch" warning, the file is still identified as an ELF executable. The libvips library is known to use shared object files for its functionality, which makes the embedded executable a legitimate part of the package. The absence of SLSA provenance and project information does not automatically indicate malicious intent, especially given the nature of the package and the presence of a valid shared object file.