The package @esbuild/darwin-x64 contains an embedded executable package/bin/esbuild. While this raises a security concern, it is not sufficient to classify the package as malware. The extension mismatch is a low confidence indicator. Without further evidence of malicious behavior, it's safer to assume this is a legitimate use case, such as a pre-compiled binary.