MAL-2026-6493
Malicious code in prism-silq (npm)
Details
## Source: amazon-inspector (6bb3e8b0ded57991e21f137aac7c905348a83f6be7914c4da619c18d2acd280c)

The package ships a `binding.gyp` whose `sources` field uses GYP command-expansion syntax (`<!(...)`) at line 6. npm implicitly runs `node-gyp rebuild` whenever a `binding.gyp` is present, even without a declared install/postinstall script, and GYP evaluates `<!(...)` as a shell command during the configure step. This causes the embedded command to run automatically on every `npm install`, equivalent to a lifecycle hook executing attacker-controlled code on the installer's machine. This pattern abuses the native-addon build system to gain silent install-time code execution, and is not a legitimate native-extension build configuration.
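One way to audit an unpacked package for the pattern described above, as an added example that is not part of the advisory or the reporting source's detection logic: it checks whether npm would run the implicit rebuild and lists every command expansion in a `binding.gyp` text for review. The function names and the sample `binding.gyp` and `package.json` are hypothetical and constructed for illustration.

```javascript
// Added example; the binding.gyp and package.json below are constructed samples.
// npm runs `node-gyp rebuild` at install time when binding.gyp is present and
// the package declares neither an install nor a preinstall script.
function hasImplicitRebuild(pkg, hasBindingGyp) {
  const scripts = (pkg && pkg.scripts) || {};
  return Boolean(hasBindingGyp) && !scripts.install && !scripts.preinstall;
}

// List each <!(...) / <!@(...) command expansion with its line number, the
// nearest preceding key, and the command GYP would hand to the shell.
function findCommandExpansions(gypText) {
  const findings = [];
  const sigil = /<!@?\(/g;
  let m;
  while ((m = sigil.exec(gypText)) !== null) {
    let depth = 1;
    let i = sigil.lastIndex;
    while (i < gypText.length && depth > 0) {   // walk to the matching ')'
      if (gypText[i] === '(') depth++;
      else if (gypText[i] === ')') depth--;
      i++;
    }
    const before = gypText.slice(0, m.index);
    const keys = [...before.matchAll(/["']([\w-]+)["']\s*:/g)];
    findings.push({
      line: before.split('\n').length,
      key: keys.length ? keys[keys.length - 1][1] : null,
      command: gypText.slice(sigil.lastIndex, depth === 0 ? i - 1 : i).trim(),
    });
  }
  return findings;
}

// Constructed sample: a common include-path lookup, plus a placeholder command
// in "sources".
const SAMPLE_GYP = [
  '{',
  '  "targets": [{',
  '    "target_name": "addon",',
  String.raw`    "include_dirs": ["<!@(node -p \"require('node-addon-api').include\")"],`,
  '    "sources": [',
  '      "<!(echo CONSTRUCTED-PLACEHOLDER-COMMAND)"',
  '    ]',
  '  }]',
  '}',
].join('\n');
const SAMPLE_PKG = { name: 'constructed-sample', version: '0.0.0' };

console.log(hasImplicitRebuild(SAMPLE_PKG, true), findCommandExpansions(SAMPLE_GYP));
```

Command expansions also appear in ordinary native addons (the `include_dirs` lookup in the sample is a common one), so a finding means the command string needs to be read, not that the package is malicious.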
Affected packages
No fixed version published yet for prism-silq (npm). Pin to a known-safe version or switch to an alternative.