SafeDep

Summary

The package is not malware. Low-confidence YARA matches on common crypto functions; the project has many stars/forks.

Verification Record

No verification record available.

Details

The package node-forge is not malware. The YARA rules excessive_bitwise_math, unsigned_bitwise_math_excess, multi_decode_3 and very_high_entropy triggered on the package's files. These rules are low confidence and can be triggered by legitimate cryptographic code, especially in minified JavaScript files. The project has a good number of stars and forks, indicating it is a popular and likely legitimate library.

node-forge@1.4.0
Clean
Unverified
Analysed at: 3/24/26, 9:54 PM
Source: https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz
SHA256: bf9d7ca0d774235354697bd4b5e642af6505e7ce2066762c3b855138cf870820
Confidence: Medium