Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System

Attackers are now exploiting npm’s binding.gyp build system to execute arbitrary code at install time—using obscure features, sandbox escapes, and hidden payloads that bypass traditional package.json script checks—making malicious code execution stealthier and far harder to detect in the software supply chain.