This repository was archived by the owner on May 1, 2024. It is now read-only.
prism-jest package was removed by npm security team a few years back but there is no mention of what exactly was present in the package that caused its removal #1103
Closed
thisisashwani started this conversation in General
Replies: 1 comment
-
We can't share information beyond what's already public.
-
I happened to land on a package named prism-jest in one of my codebases while doing a node version upgrade. On an accidental search, I realised that prism-jest had a severe vulnerability as per GitHub security advisory - GHSA-mj5j-3f4h-8rmp. I also see that this package was removed by npm security team because of the same - https://www.jsdelivr.com/package/npm/prism-jest.

So, I went ahead to this particular package present in my node_modules and tried to understand what exactly can be causing such a severe issue. It's a simple package with a few lines of code. So, I am very curious to know what exactly was in the code that led to its removal. I have tried to search quite a bit on the net regarding this, but there has not been anything I could find other than those two links.

I am not sure how to reach out to npm security team for this, so starting here with this discussion.