
@rolldown/binding-wasm32-wasi@1.0.0-beta.45

Safe
Analyzed at: 10/27/2025, 5:59:30 AM
Source: https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-beta.45.tgz
SHA256: 4a7c6162dd449d7ff4685278ece2a97ef3e2d50e98f52c882dba23f025f51da1
Confidence: Medium

Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Potential arbitrary code execution via eval in wasi-worker.mjs, but not enough evidence to classify as malware.

Details

The provided evidence points to potential arbitrary code execution via importScripts in wasi-worker.mjs. The code reads and executes a file specified by the argument f using eval. While this pattern can be exploited, it's not definitive proof of malicious intent. Without further evidence, such as suspicious file paths or network activity, it's difficult to classify this package as malware. The use of eval is risky but not always malicious.