This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.
Package not classified as malware. Insecure random number generation and YARA matches are concerning but not conclusive.
The package is not malware. While there are some concerning YARA rule matches like python_exec_complex and js_many_parseInt, these are low confidence. The python_exec_complex rule matching a JavaScript file is often a false positive. The use of Math.random() for UUID generation is insecure, but it's a fallback mechanism and doesn't definitively indicate malicious intent. There is no strong evidence to classify this package as malware.