
@img/sharp-linuxmusl-x64@0.34.4

Safe
Analyzed at: 9/17/2025, 1:20:18 PM
Source: https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.4.tgz
SHA256: 16b30066b697efd27f2e9c3866136061e1ef7b5c12ee39049a2fc13c6b44993b
Confidence: Medium
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

The package is not malware. The YARA rule sus_dylib_tls_get_addr match alone is insufficient to classify it as malicious.

Details

The YARA rule sus_dylib_tls_get_addr matched the file sharp-linuxmusl-x64.node. This rule indicates suspicious runtime dependency resolution due to the presence of __tls_get_addr. While this function can be used in malicious contexts, it's also a legitimate function used for thread-local storage access in dynamically linked libraries. Without further evidence of malicious intent, such as code obfuscation, network activity, or file system modifications, it's not possible to classify the package as malware based solely on this YARA rule match. The sharp-linuxmusl-x64.node file is a compiled node module, and such modules often use dynamic linking and thread-local storage.