Summary
The package contains a shared object file, which is expected for native bindings. Verified provenance and project popularity suggest it's not malware.
Details
The package @img/sharp-libvips-linux-ppc64 version 1.2.3 contains a shared object file libvips-cpp.so.8.17.2. The file is an ELF executable, which is expected for a library that provides native bindings. The extension mismatch .2 is unusual but not inherently malicious. Given the project's relatively high number of stars and forks, and the verified provenance, it is likely a legitimate package providing pre-compiled binaries. The embedded executable is part of the library's functionality and doesn't indicate malicious intent.
Evidences
| File | Title | Confidence | |
|---|---|---|---|
package/lib/libvips-cpp.so.8.17.2 | Embedded Executable | Medium | |
package/lib/libvips-cpp.so.8.17.2 | Extension Mismatch | Low |
Analysis performed at Analysis by