Summary

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files, which is a known false positive.

Verification Record

No verification record available.

Details

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files (index.cjs and index.js). This is a known false positive scenario. There are no other strong evidences to classify this package as malware.

View Full Report

Summary

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files, which is a known false positive.

Verification Record

No verification record available.

Details

View Full Report

@codemirror/commands@6.10.3Clean

Analysed at: 3/19/26, 8:22 AM

Source: https://github.com/codemirror/commands

SHA256: 3cbd0e36ba6a0c9c02db4f40a537d2f3c678c1543a8ad14ec0bb720a6530c0c3

Confidence: Medium

Version

6.10.3

Vulnerabilities

OpenSSF Scorecard

2.0/10

License

MIT

Ecosystem

npm