Embedded executable found, but project reputation and verified provenance suggest legitimate use. Insufficient evidence to classify as malware.
No verification record available.
The package @biomejs/cli-linux-arm64 contains an embedded executable named package/biome. While the presence of an executable warrants caution, the package is published by a project with a substantial number of stars and forks on GitHub, suggesting a degree of community trust. Additionally, the SLSA provenance is verified. Without further evidence of malicious behavior, the presence of the executable alone is insufficient to classify the package as malware, as there are legitimate use cases for embedding executables.
