Summary

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files, which is a known false positive.

Verification Record

No verification record available.

Details

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files (index.cjs and index.js). This is a known false positive scenario. There is no other evidence to suggest that this package is malicious.

View Full Report

Summary

The package is not a malware because the YARA rule python_exec_complex matched on non-python source files, which is a known false positive.

Verification Record

No verification record available.

Details

View Full Report

@codemirror/language@6.12.3Clean

Analysed at: 3/25/26, 9:34 AM

Source: https://github.com/codemirror/language

SHA256: 4341555627ccc56ce43283a1d709d8fd04be6558025b408a525ed174290db59b

Confidence: Medium

Version

6.12.3

Vulnerabilities

OpenSSF Scorecard

2.0/10

License

MIT

Ecosystem

npm