Which versions of prisma-callback are malicious?

The following npm versions of prisma-callback are flagged malicious: 1.0.0, 1.0.3, 1.0.4, 1.0.5. Treat any of these as compromised.

How do I remediate prisma-callback if I installed it?

prisma-callback is a typosquat — you almost certainly intended a legitimately-named package. Remove prisma-callback, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.

I already installed prisma-callback — how do I know if it already compromised me?

If prisma-callback was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is prisma-callback part of a known attack campaign?

Yes — prisma-callback is associated with the IN-MAL-2026-002719, IN-MAL-2026-002721, IN-MAL-2026-002720, IN-MAL-2026-002718 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find prisma-callback across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for prisma-callback (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging prisma-callback across your stack and pipelines.

Malicious package

prisma-callbacknpm

Malicious code in prisma-callback (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-3770

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall prisma-callback

What this malware does

[email protected] is a name-confusion package against the genuine prisma ORM. Its package.json declares "preinstall": "node./scripts/only-allow-pnpm.js pnpm"; despite the misleading filename, that script dispatches on os.arch() and unconditionally executes one of two Go binaries shipped at the tarball root — prisma-amd64 (sha256 7255674131eee4a4b9adb12196a1b66e3faad9ee60740ab01b4d4e91bf8a30a8, 1,597,624 bytes) or prisma-arm64 (sha256 270769b70e1fe3718243e5f2f4655d9dd5d3b9f6e7217919d724859f7d6a66db, 2,162,872 bytes) — via child_process.execSync with inherited stdio, running under whatever privileges npm install holds. Neither binary exists in the genuine Prisma source tree; both are opaque compiled artifacts the installer cannot inspect or verify. To lower scrutiny, the tarball ships a verbatim copy of the real Prisma monorepo (README badges, issue templates, and every sub-package's package.json point at github.com/prisma/prisma), and the preinstall script carries a // This script is safe — it's only used for testing purposes. comment to discourage review. The structural signals — typosquat of a top-tier OSS package + undeclared opaque native binaries + preinstall-time execution without integrity verification + deliberate misdirection via filename, comment, and legitimate-looking cover source — are jointly unambiguous.

Malicious versions

4 flagged

1.0.01.0.31.0.41.0.5

Indicators of compromise (SHA-256)

1aab2820bfb9036995418ba2b36887f8970d7deaa69d8bc4aa24e36266bf18d1

62be29d2f9abe77cef6476832d0b374e005837261dd463c9a8cb050264d09c12

824aa4cb44af4f45df5c6cfe9c1164068a4fe79960461961025db0e2359b4f0c

f2f308e7edaeeb371dd02a2d7aa5d693ef8fba9db1d4121b0798986fcf492347

Detection & response playbook

Typosquat

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for prisma-callback (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging prisma-callback across your stack and pipelines.
If you installed it — respond
prisma-callback is a typosquat — you almost certainly intended a legitimately-named package. Remove prisma-callback, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.
Did it already run?
If prisma-callback was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks prisma-callback before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. prisma-callback on npm has been identified as a malicious package (versions 1.0.0, 1.0.3, 1.0.4, 1.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-002719IN-MAL-2026-002721IN-MAL-2026-002720IN-MAL-2026-002718

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks prisma-callback-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring