A single 'very_high_entropy' YARA match on a .node file is insufficient evidence of malware. The Rollup project is reputable and has verified provenance.
No verification record available.
The package is not malware: the only YARA rule match is 'very_high_entropy', on a .node file, and high entropy alone is not sufficient evidence to classify a package as malware. The package is published by a reputable project (rollup) with a high number of stars and forks, and it has verified SLSA provenance.