This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Package contains DLLs, likely pre-compiled binaries for image processing, not enough evidence to classify as malware.
The package @img/sharp-win32-arm64 version 0.34.4 contains two embedded DLL files (libvips-42.dll and libvips-cpp-8.17.2.dll). While the presence of embedded executables raises a security concern, it's common for packages like this to include pre-compiled binaries for specific platforms. sharp is a popular image processing library, and these DLLs likely represent compiled components of the libvips dependency, optimized for the win32-arm64 architecture. Without further evidence of malicious behavior, the presence of these DLLs alone is insufficient to classify the package as malware.