This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
YARA rule python_exec_complex matched javascript files, which is likely a false positive. Confidence is low.
The package is not a malware because the YARA rule python_exec_complex is matching javascript files. This rule is designed to detect python code execution and should not trigger on javascript files. Also, the confidence level is low.