Insufficient evidence. YARA match is unreliable without LLM confirmation. Project's public nature suggests low risk.
No verification record available.
While Evidence 0 shows a YARA rule match suggesting potential malicious behavior (execution of code from a complex expression and the presence of $exec), the confidence is only MEDIUM. YARA rules are known to be noisy and produce false positives. Crucially, no LLM-based analysis is provided, which would be the preferred method for assessing malicious code. The project itself (merge-descriptors) is hosted on GitHub with a reasonable number of stars and forks, indicating some level of community scrutiny and usage. The lack of further evidence, especially the absence of LLM analysis, prevents a definitive conclusion of malicious intent. The presence of exec alone is not sufficient evidence, as it is a legitimate function in JavaScript, albeit one that can be abused. Without further concrete evidence, labeling this package as malware would be premature and potentially a false positive.