This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using the vet-action GitHub Action.
The package matched YARA rule multiple_gcc_high, indicating that multiple GCC versions were used. Insufficient evidence to classify as malware.
The YARA rule multiple_gcc_high matched the file rollup.linux-riscv64-gnu.node, indicating it was built with multiple versions of GCC. While unusual, this alone is not strong evidence of malicious intent. The other matched patterns $not_go_testdata_ranges_elf, $not_go_testdata, and $not_java are exclusion rules, which further reduces the confidence. Without additional evidence, it's not possible to classify the package as malware.