The package @types/node version 25.3.5 is not a malware. The YARA rules hardcoded_host_port_over_10k and hardcoded_ip_port matched the files node/http2.d.ts and node/quic.d.ts respectively. These files are type definition files (.d.ts). Hardcoded IP addresses and ports in type definition files are likely examples or placeholders for developers to use when implementing the actual functionality. These are not strong indicators of malicious activity, especially considering the package is from the definitelytyped project which has a high number of stars and forks, indicating a widely used and trusted source.