@rolldown/binding-linux-arm64-musl@1.0.0-beta.45 - Package Insights

@rolldown/binding-linux-arm64-musl

poor security hygiene

1.0.0-beta.4512,361668Source

Vulnerabilities

OpenSSF Scorecard

0.0

Overall security score out of 10

License

MIT

View full analysis

Summary

Low confidence YARA matches on .node file are not sufficient to classify the package as malware. Requires stronger evidence.

Details

The YARA rules libc_fake_number_val and semicolon_relative_path_high matched the .node file, but the confidence is low. These matches alone are not strong enough evidence to classify the package as malware. A non-standard libc reference could indicate an attempt to evade security measures, but without further evidence, it's not definitive. Similarly, relative paths are common.

Evidences

File	Title	Confidence
package/rolldown-binding.linux-arm64-musl.node	YARA rule 'libc_fake_number_val' matched file	Low
package/rolldown-binding.linux-arm64-musl.node	YARA rule 'semicolon_relative_path_high' matched file	Low

Analysis performed at Oct 27, 2025, 5:59 AMAnalysis by