Imurmurhash.min.js: PUA.Win.Trojan.Xored-1 FOUND

Lars · March 25, 2025, 4:07pm

Hi!
When running ClamAV 1.3.1 i get the following:

Penpot2.5.2/penpot-backend-2.5.2.tar/blobs/…/opt/node_modules/imurmurhash.min.js: PUA.Win.Trojan.Xored-1 FOUND

I asked a “friend” and it indicate false positive, but also that there seem to be better alternatives to imurmurhash.min.js

Can you consider replacing imurmurhash.min.js with some other hashing library?

carolina.portugal · March 26, 2025, 2:02pm

Hello @Lars

Yes, this is a common false positive as you can see in here more information here: GitHub · Where software is built

Anyway, our team will look into it to decided if we need to take any actions or replacing the library. Thanks for reporting this.

Lars · April 4, 2025, 2:25pm

Thank you for clarifying and for looking into it further.
Thanks!

Topic		Replies	Views
Penpot-backend container repeatedly restarting Self-host	3	217	January 21, 2025
Penpot reliability. HA proxy Self-host	0	338	December 21, 2023
Penpot in Podman Contribution	2	1204	July 18, 2023
Invitation only self-hosted setup Installation	3	844	December 13, 2022
How to develop penpot with podman (penpotman) Self-host	18	17962	April 1, 2024

Design as Code