Embedded executable is likely the build tool itself; high GitHub stars and forks indicate a legitimate project. No other malicious indicators.
No verification record available.
The evidence suggests a potentially benign package. While Evidence 0 highlights the presence of an embedded executable (esbuild), this is not inherently malicious. Esbuild is a well-known build tool, and its functionality often requires a compiled binary. The application/x-executable MIME type and the fact that it's named esbuild strongly suggest this is the expected executable for the tool. Evidence 1 shows a file extension mismatch, suggesting the file might not have the .exe extension (common on Windows), but rather an ELF extension (common on Linux/macOS). This is not unusual for cross-platform tools and doesn't indicate malicious behavior. The project's high star count (38498) and fork count (1176) on GitHub further support its legitimacy. The lack of other evidence (e.g., suspicious network activity, code analysis showing malicious behavior) strengthens the conclusion that this is a false positive. The absence of LLM-based analysis is noted, but the available evidence is strong enough to make a determination.
