The package triggered a YARA rule for suspicious runtime dependency resolution, but that match alone is insufficient to classify the package as malware without more evidence.
No verification record available.
The YARA rule sus_dylib_tls_get_addr matched the nice.linux-x64-gnu.node file. This rule detects suspicious runtime dependency resolution using __tls_get_addr. While this is suspicious, it's not definitive evidence of malware. The *.node files are native addons for Node.js, and the matched string could be part of legitimate code for thread-local storage. Without further evidence of malicious behavior, it is not possible to classify this package as malware.