This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
The package is not a malware due to YARA rule python_exec_complex matching javascript files, which is a known false positive.
The package is not a malware because the YARA rule python_exec_complex is matching javascript files. This is a known false positive and should not be used to classify the package as malware. There are multiple YARA matches, but they are all of the same type and known to be a false positive in this case.