Malicious code in hexo-shoka-swiper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...