Contains embedded executable, but project is legitimate and provenance is verified. No strong evidence of malicious activity.
No verification record available.
The package @esbuild/win32-x64 contains an embedded executable esbuild.exe. While this raises a flag for potential security risks, the esbuild project itself is a legitimate and popular project with a high number of stars and forks on GitHub. The SLSA provenance is also verified. Embedding executables can be a legitimate practice for pre-compiled binaries. Therefore, without further evidence of malicious behavior, the package is not classified as malware.
