Open rosshosman opened 1 year ago
> still unsure of why these large swc files are included.
These are native NAPI modules compiled from Rust using swc to transform Javascript.
Version 2.9.2 is fine: https://www.virustotal.com/gui/file/01bb2f4734fa447b85bde4db248d37df3149bea33db026a3329116d33cc440a8/detection
You ran version 2.9.3: https://www.virustotal.com/gui/file/d98027704583e0a7ae6cba394e65c17d828f9d0b4926589eed01fa05584630d4/detection
The current nightly version is also fine: https://www.virustotal.com/gui/file/ca0e072b0d1301105524a0534f55100a141b8a9c34f9359921869c9372d1640a/detection
So I'm not sure what's going on
🐛 bug report
We use github hosted runners (based off https://github.com/actions/runner-images/blob/main/images/linux/toolsets/toolset-2204.json) for our build process and today one of those runners was flagged as having a malicious swc on it. This was flagged by AWS guardduty using the EKS runtime protection and looks like it was flagged by Bitdefender.
We pulled this binary off the host and submitted it for analysis to VT: https://www.virustotal.com/gui/file/d98027704583e0a7ae6cba394e65c17d828f9d0b4926589eed01fa05584630d4/detection
We also had Crowdstrike analyze it, which gave it a "suspicious" score:
https://github.com/parcel-bundler/parcel/issues/8995
Based off the issue above we aren't sure why these are included but one of them is being flagged.
(screenshot: GuardDuty alert)
We believe this is likely a false positive but still unsure of why these large swc files are included.
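As an added example (not code from this issue or from the parcel project): a small script that hashes every native `.node` binary under a `node_modules` tree and compares each SHA-256 with the three VirusTotal hashes cited in this thread, so a flagged runner can be checked against the exact builds discussed without re-uploading anything. The `demo_scan` helper and the sample file it creates are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# SHA-256 values taken from the VirusTotal links quoted in this thread.
KNOWN_SWC_BUILDS = {
    "01bb2f4734fa447b85bde4db248d37df3149bea33db026a3329116d33cc440a8":
        "parcel 2.9.2 swc binary (reported clean in thread)",
    "d98027704583e0a7ae6cba394e65c17d828f9d0b4926589eed01fa05584630d4":
        "parcel 2.9.3 swc binary (the one flagged by GuardDuty/Bitdefender)",
    "ca0e072b0d1301105524a0534f55100a141b8a9c34f9359921869c9372d1640a":
        "parcel nightly swc binary (reported clean in thread)",
}
UNKNOWN = "unknown build (hash not referenced in the thread)"


def sha256_file(path):
    """Stream the file through SHA-256 so large native modules do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(digest):
    """Map a hex SHA-256 digest to the build label quoted in the thread, if any."""
    return KNOWN_SWC_BUILDS.get(digest.lower(), UNKNOWN)


def scan_native_modules(root):
    """Return {path: (digest, label)} for every *.node file below root."""
    results = {}
    for path in sorted(Path(root).rglob("*.node")):
        digest = sha256_file(path)
        results[str(path)] = (digest, classify(digest))
    return results


def demo_scan():
    """Constructed sample: an empty .node file in a throwaway node_modules tree."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "node_modules" / "@parcel" / "sample.node"
        fake.parent.mkdir(parents=True)
        fake.write_bytes(b"")  # constructed content, not a real binary
        return {Path(p).name: v for p, v in scan_native_modules(tmp).items()}


if __name__ == "__main__":
    for path, (digest, label) in scan_native_modules("node_modules").items():
        print(f"{digest}  {label}  {path}")
```

Run it from the project root on the runner; any `.node` file reported as an unknown build is the one to compare against a freshly downloaded copy of the same package version.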