Embedded executable found, but legitimate use cases exist. Published by reputable project with verified provenance. Insufficient evidence to flag as malware.
No verification record available.
The package @esbuild/linux-riscv64 contains an embedded executable file package/bin/esbuild. While this raises a potential security risk, there are legitimate use cases for embedding pre-compiled binaries within packages. The package is published by a reputable project evanw/esbuild with a high number of stars and forks. Also, the package has verified SLSA provenance. Without further evidence of malicious behavior, it is not possible to classify this package as malware.
