@types/node is not malware. YARA matches in .d.ts files are likely examples, not malicious code. Published by trusted source.
No verification record available.
The package @types/node version 25.0.7 is not a malware. The identified YARA matches hardcoded_host_port_over_10k and hardcoded_ip_port are in .d.ts files, which are TypeScript declaration files. These files provide type information for existing JavaScript code and are not executable code themselves. The matched strings are likely examples or documentation within the type definitions, not malicious hardcoded connections. The package is published by definitelytyped with high stars and forks which makes it trustworthy.
