This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
The package contains a shared object, which is normal for native bindings. Verified provenance and no strong indicators of malicious intent.
The package @img/sharp-libvips-linuxmusl-arm64 contains a shared object file (libvips-cpp.so.8.17.2) which is an ELF executable. This is expected behavior for a library that provides native bindings. The extension mismatch is minor and doesn't indicate malicious intent. The SLSA provenance is also verified, adding confidence to the package's integrity. Therefore, the package is not considered malware.