This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
The YARA rule python_exec_complex matched a JavaScript file in an NPM package, which is a known false positive. Package is not malware.
The YARA rule python_exec_complex matched file package/dist/parser.js. However, the package is an NPM package, and the matched file is a JavaScript file. The rule python_exec_complex matching a non-python source file is a known false positive. Therefore, I cannot classify this package as malware.