SafeDep
Install GitHub App
SafeDep
Install GitHub App

Summary

Lack of evidence of malicious code or behavior. Infrequent releases and low GitHub activity are not sufficient for malware classification.

Verification Record

No verification record available.

Details

Based on the provided evidence, there is no indication that the wcwidth package (version 1.0.1) is malicious. Evidence 0 highlights that the project has only released a few versions. While this could suggest immaturity or lack of maintenance, it's not inherently indicative of malicious intent. Many legitimate, small, or niche projects have infrequent releases. The low number of stars and forks on GitHub also points to a less popular project, which again, is not synonymous with malicious activity. Without further evidence such as suspicious code analysis (LLM or otherwise), YARA rule matches (acknowledging their inherent noise), or behavioral analysis showing harmful actions, classifying this package as malware is premature and unwarranted.

wcwidth@1.0.1Clean
Unverified
Analysed at: 3/7/25, 3:42 PM
Source: https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz
SHA256: 9f28cbc31e061ba4517fc3882357d4f43f00b14717e1f7ffa61656d7edbaa3a8
Confidence: Medium