YARA detected arbitrary code execution in index.cjs via exec(), a strong indicator of malicious intent despite moderate project popularity.
No verification record available.
The evidence suggests a high probability of malicious activity. While the project on GitHub has a moderate number of stars and forks, the YARA analysis reveals a critical finding: the detection of code execution from a complex expression within index.cjs using exec(cx.slice(start + 1, start + 31)). The presence of $exec further strengthens this suspicion. This indicates the potential for arbitrary code execution, a hallmark of malicious packages. The YARA analysis, although noisy, coupled with the suspicious code snippet, points towards malicious intent. The lack of LLM-based analysis does not negate this conclusion, as the YARA finding is sufficiently alarming. The code's obfuscation via slicing (cx.slice) further suggests an attempt to hide malicious behavior.
