SafeDep

Summary

Insufficient evidence to classify as malware. Code execution via the Function constructor is common, and the YARA rule match is likely a false positive.

Verification Record

No verification record available.

Details

The package is not classified as malware: there are two pieces of evidence, but neither is strong enough on its own to mark the package as malicious. Evidence 0 suggests arbitrary code execution via the Function constructor, but this is a common pattern in many legitimate JavaScript applications, especially those dealing with dynamic code generation or SSR. Evidence 1 shows a YARA rule match for python_exec_complex in a JavaScript file, which is often a false positive. Since there is no other strong evidence, the package is not classified as malware.

vitest@4.1.0
Clean
Unverified
Analysed at: 4/13/26, 1:42 AM
Source: https://registry.npmjs.org/vitest/-/vitest-4.1.0.tgz
SHA256: cd6a680ef953796a775fa1412498b7e890ecda5f0ace1f9011574f6875d341d8
Confidence: Medium