This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Single low confidence YARA match (js_hex_obfuscation) is insufficient to classify as malware. Obfuscation is not always malicious.
The package is not classified as malware due to the presence of only one YARA rule match (js_hex_obfuscation) with low confidence. While hex obfuscation can be a technique used to hide malicious code, it's also a common practice in legitimate JavaScript projects for code minification or protection. Without further evidence of malicious intent, it is not possible to classify the package as malware.