yao-pkg / pkg

Package your Node.js project into an executable
https://www.npmjs.com/package/@yao-pkg/pkg
MIT License

Avast detects 20.11.1 as malware #47

Closed (ttodua closed 3 months ago)

ttodua commented 5 months ago

What version of pkg are you using?

5.11.5

What version of Node.js are you using?

20.12.1

What operating system are you using?

Win 11

What CPU architecture are you using?

x64

What Node versions, OSs and CPU architectures are you building for?

windows

Describe the Bug

[Screenshot: 2024-04-04 22 34 16]

Expected Behavior

It shouldn't be detected as a virus.

To Reproduce

You need to have Avast Free Antivirus installed, then do pkg .

ttodua commented 5 months ago

Btw, how can I tell pkg to use another version instead of 20.11.1?

robertsLando commented 4 months ago

Sincerely, I don't think there is much we can do here.

robertsLando commented 4 months ago

> Btw, how can I tell pkg to use another version instead of 20.11.1?

Specify another target or downgrade pkg to use older versions.

ttodua commented 4 months ago

> Specify another target

I use --target=win, what do you mean by a different target, please?

> downgrade pkg to use older versions

Do you see it as an easy option to be added, to specify the version during packaging itself, so we could do, i.e., pkg --node-version 20.8.2? If it's an easy thing to add I could push a PR, I'm just not familiar with this repo and it might take me some time.

robertsLando commented 4 months ago

Actually it's not possible to provide a custom exec to use for the package, but yeah, you could send a PR if you want.

ttodua commented 4 months ago

> Actually it's not possible to provide a custom exec to use for the package, but yeah, you could send a PR if you want.

Would you share 2 words: is it enough just to change the download file version, or would it also need to entail other logical changes across other files?

ttodua commented 4 months ago

Also, should I seek that change in pkg itself or in pkg-fetch?

robertsLando commented 4 months ago

I think it should be done on the pkg side, as pkg-fetch is used only to fetch the binary and in your case you want to override exactly this part.

AwesomeKalin commented 3 months ago

It's just a false positive, they happen