The package @esbuild/netbsd-arm64 contains an embedded executable file package/bin/esbuild. While this raises a potential security risk, it can also be a legitimate use case for pre-compiled binaries. Since there is only one piece of evidence and no other indicators of malicious behavior, I cannot classify this package as malware.