Package contains an embedded executable, but is published by a reputable project with verified SLSA provenance. Insufficient evidence to flag as malware.
No verification record available.
The package @esbuild/win32-arm64 version 0.27.2 contains an embedded executable esbuild.exe. While the presence of an executable warrants caution, the package is published by a reputable project esbuild with a significant number of stars and forks on GitHub. Additionally, the package has verified SLSA provenance. There is only one piece of evidence. Therefore, I cannot classify this package as malware.
