This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.
A single YARA match, sus_dylib_tls_get_addr, on a .node file is not sufficient to classify the package as malware. Further investigation is needed.
The YARA rule sus_dylib_tls_get_addr matched the file sharp-linux-arm.node. This rule detects suspicious runtime dependency resolution using __tls_get_addr. While this is suspicious, it's not definitive evidence of malware. The matched file is a .node file, which is a native addon for Node.js. It's possible that the use of __tls_get_addr is legitimate within the context of this addon for thread-local storage access. Without further evidence of malicious intent, it's not possible to classify this package as malware based on this single YARA rule match.