> This detection was assigned to an embedded Windows executable file...<p>I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?