When installing atom-beautify, Avira antivirus is picking up an HTML/ExpKit.Gen2 infection in the C:\Users\Name.atom.apm\registery.npmjs.org\which.cache.json file.

I suspect that it's Avira being over-sensitive but thought I'd pass it on.

Linking to other issue. Glavin001/atom-beautify#1532 (comment)

That's weird. I'm pretty sure it's not a virus, you can check out the source. The cached JSON file isn't even executable, so I wonder what kind of signature it's triggering.

the same issue with avira http://www.avira.com/en/support-threats-summary-product?tid=5424&threat=HTML%252FExpKit.Gen2&track=1 . Yesterday all has been fine.

I've sent it to Avira as a false positive. I skimmed through the file and it looked OK, perhaps the JSON is being treated as corrupt HTML by the AV.

Avira confirm it's clean, so a false positive at their end. :)

Great, Thanks! :)

I am having the same issue when i try to install angular cli. Am i in the safe side? Are you guys sure its only Avira acting out?

Yes. Definitely a false positive.

Future people coming to this thread and finding it locked: yes, node-which is definitely not a virus. (If you don't believe me, stop using my code! ;)