This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Embedded executable with extension mismatch, high entropy, and low project popularity suggest this package is likely malware.
The package contains an embedded executable (utf8.test) which is unusual for a string manipulation library. The file extension mismatch and the high_entropy_trailer YARA rule match further raise suspicion. The project's low popularity and few published versions add to the concern, suggesting potential malicious intent.