@img/sharp-win32-ia32@0.34.4 - Package Insights

@img/sharp-win32-ia32

poor security hygiene

0.34.431,3531,366Source

Vulnerabilities

OpenSSF Scorecard

6.7

Overall security score out of 10

License

Apache-2.0 AND LGPL-3.0-or-later

View full analysis

Summary

DLLs found, but likely related to image processing. Not enough evidence to classify as malware.

Details

The package @img/sharp-win32-ia32 version 0.34.4 contains DLL files (libvips-42.dll and libvips-cpp-8.17.2.dll). While the presence of embedded executables raises security concerns, it's common for packages, especially those dealing with image processing or native code, to include pre-compiled binaries. Without further evidence of malicious behavior, the presence of these DLLs alone is insufficient to classify the package as malware. The package name suggests it's related to sharp, a popular image processing library, which would legitimately require native binaries.

Evidences

File	Title	Confidence
package/lib/libvips-42.dll	Embedded Executable	Medium
package/lib/libvips-cpp-8.17.2.dll	Embedded Executable	Medium

Analysis performed at Sep 17, 2025, 1:20 PMAnalysis by