Package contains an embedded executable, but has verified provenance and comes from a reputable project. Insufficient evidence for malware.
No verification record available.
The package @esbuild/netbsd-x64 contains an embedded executable file package/bin/esbuild. While this raises a potential security risk, there are valid use cases for embedding executables, such as pre-compiled binaries. The package is published by a project with a good reputation (39k+ stars, 1k+ forks) and has verified SLSA provenance. Without further evidence of malicious behavior, it's not possible to classify this package as malware.
