@rolldown/binding-wasm32-wasi@1.0.0-rc.15Clean

Unverified

Analysed at: 4/9/26, 2:47 AM

Source: https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.15.tgz

SHA256: f43d2d20bf90a4ca841eb9b227e4b23553c0b65dd8c2eea39aa4cfb6288b2b19

Confidence: Medium

Summary

The package uses importScripts and eval, but this is a legitimate use case for bundlers to load plugins dynamically.

Verification Record

No verification record available.

Details

The package uses importScripts and eval which can lead to arbitrary code execution. However, the provided information states that this is a legitimate use case for bundlers to load plugins dynamically. Therefore, based on the available evidence and the provided context, the package is not classified as malware.