Imurmurhash.min.js: PUA.Win.Trojan.Xored-1 FOUND

Lars · March 25, 2025, 4:07pm

Hi!
When running ClamAV 1.3.1 i get the following:

Penpot2.5.2/penpot-backend-2.5.2.tar/blobs/…/opt/node_modules/imurmurhash.min.js: PUA.Win.Trojan.Xored-1 FOUND

I asked a “friend” and it indicate false positive, but also that there seem to be better alternatives to imurmurhash.min.js

Can you consider replacing imurmurhash.min.js with some other hashing library?

carolina.portugal · March 26, 2025, 2:02pm

Hello @Lars

Yes, this is a common false positive as you can see in here more information here: GitHub · Where software is built

Anyway, our team will look into it to decided if we need to take any actions or replacing the library. Thanks for reporting this.

Topic		Replies	Views
Penpot-backend container repeatedly restarting Self-host	3	195	January 21, 2025
Penpot reliability. HA proxy Self-host	0	332	December 21, 2023
How to develop penpot with podman (penpotman) Self-host	18	17577	April 1, 2024
Penpot in Podman Contribution	2	1167	July 18, 2023
Invitation only self-hosted setup Installation	3	837	December 13, 2022

Design as Code