SafeDep
Install GitHub App
SafeDep
Install GitHub App

Summary

No evidence of malicious code or behavior. Few releases doesn't imply malware; many legitimate projects have few releases.

Verification Record

No verification record available.

Details

Based on the provided evidence, there is no indication that the is-interactive package (version 1.0.0) is malicious. Evidence 0 highlights that the project has only published a few versions. While this could suggest immaturity or lack of maintenance, it's not inherently indicative of malicious intent. Many legitimate open-source projects, especially smaller utilities, have a limited number of releases. The absence of other evidence like suspicious code, YARA rule matches (even with the caveat of their noisiness), or negative LLM analysis tips the scales towards benign. The project's presence on GitHub with a reasonable number of stars and forks further supports its legitimacy, although these metrics are not definitive proof of safety. Without further compelling evidence, classifying this package as malware would be a false positive.

is-interactive@1.0.0Clean
Unverified
Analysed at: 3/7/25, 3:36 PM
Source: https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz
SHA256: 2c848979d8554a2ef3bfb0d89edb1cce5d3ea6db3c4483434930daf86c198fa4
Confidence: Medium