This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
YARA rule python_exec_complex matched a javascript file. Likely a false positive. Reputable project, verified provenance.
The YARA rule python_exec_complex matched a javascript file parser.js. This is likely a false positive. The package is also published by a reputable project with a high number of stars and forks on GitHub. The SLSA provenance is also verified.