Embedded executable found, but reputable project and verified provenance suggest legitimate use. Insufficient evidence for malware classification.
No verification record available.
The package @esbuild/linux-arm64 contains an embedded executable package/bin/esbuild. While this raises a flag, the package is published by a reputable project evanw/esbuild with a high number of stars and forks. Additionally, the package has verified SLSA provenance. Embedding executables is a valid use case for pre-compiled binaries. Therefore, without further evidence, it is not possible to classify this package as malware.
