The YARA rule multi_decode_3 matched the file package/dist/emnapi-core.min.js. This rule detects multiple levels of decoding, which can be a sign of obfuscation used by malware. However, since there is only one YARA rule match, and the confidence is low, I cannot classify this package as malware. Obfuscation is also used legitimately to reduce the size of javascript files.