This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.
Embedded executable, extension mismatch, and suspicious YARA rule match indicate potential malicious activity. High risk.
The package contains an embedded executable (package/bin/esbuild) which is unusual for a typical npm package. The file extension mismatch and the YARA rule match 'high_entropy_trailer' further raise suspicion, suggesting potential malicious activity or code injection. The combination of these factors indicates a high risk.