{"id":27838,"date":"2019-07-15T15:48:25","date_gmt":"2019-07-15T15:48:25","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30309\/Malicious-Code-Ousted-From-PureScripts-npm-Installer.html"},"modified":"2019-07-15T15:48:25","modified_gmt":"2019-07-15T15:48:25","slug":"malicious-code-ousted-from-purescripts-npm-installer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/","title":{"rendered":"Malicious Code Ousted From PureScript&#8217;s npm Installer"},"content":{"rendered":"<p>Another JavaScript package in the <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.npmjs.com\/\">npm registry<\/a> &#8211; the installer for PureScript &#8211; has been tampered with, leading project maintainers to revise their software to purge the malicious code.<\/p>\n<p>After a week of <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/purescript\/npm-installer\/issues\/12\">reports of unexpected behavior<\/a>, software developer and PureScript contributor Harry Garrood on Friday published his <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/harry.garrood.me\/blog\/malicious-code-in-purescript-npm-installer\/\">account of the affair<\/a>.<\/p>\n<p>The installer, invoked by typing <code>npm i -g purescript<\/code> from the command line, was designed to install PureScript, a programming language that compiles to JavaScript, on the user&#8217;s system using the npm command line interface. It gets used about 2,000 times a week.<\/p>\n<p>According to Garrood, the installer was originally developed and maintained by Shinnosuke Watanabe (<a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/github.com\/shinnn\">@shinnn<\/a>), a developer based in Japan. The PureScript maintainers had disagreements with Watanabe about the upkeep of the installer and asked him to transfer the project to their control.<\/p>\n<p>&#8220;He begrudgingly did so,&#8221; explained Garrood in his post, noting that the 0.13.2 PureScript compiler release that debuted on July 5th is the first since the project team took over management of the installer package. And that&#8217;s where the problems started.<\/p>\n<p>The PureScript installer has dependencies also under the control of Watanabe, or rather it did until they were removed earlier this week: the npm packages <code><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/npmjs.com\/package\/load-from-cwd-or-npm\">load-from-cwd-or-npm<\/a><\/code> and <code><a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/npmjs.com\/package\/rate-map\">rate-map<\/a><\/code>. Garrood says malicious code was introduced into each of these packages at separate times to break the recent revision of the PureScript installer \u2013 but not previous versions published by Watanabe.<\/p>\n<p>&#8220;@shinnn claims that the malicious code was published by an attacker who gained access to his npm account,&#8221; explained Garrood. &#8220;As far as we are aware, the only purpose of the malicious code was to sabotage the PureScript npm installer to prevent it from running successfully.&#8221;<\/p>\n<p>Compromised developer accounts represent an ongoing concern among all the software package registries. Earlier this month, a Ruby gem (package) <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/withatwist.dev\/strong-password-rubygem-hijacked.html\">was hijacked<\/a>. And in June, a vulnerability in an npm package was exploited <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/06\/07\/komodo_npm_wallets\/\" rel=\"noopener noreferrer\">to steal cryptocurrency<\/a>, echoing <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/11\/26\/npm_repo_bitcoin_stealer\/\" rel=\"noopener noreferrer\">a similar incident<\/a> that came to light in November last year.<\/p>\n<p>But it&#8217;s not clear that Watanabe&#8217;s account was actually hijacked; this may just be a case of one developer lashing out at others over personal disagreements.<\/p>\n<p>Garrood implies that Watanabe is to blame for the security lapse but stops short of accusing him explicitly. He calls the compromise a malicious act without attributing it to anyone. At the same time, he cites behavior that&#8217;s difficult to explain \u2013 he claims that Watanabe deleted a GitHub issue post on July 9 made by developer Jolse Maginnis indicating that his <code>load-from-cwd-or-npm<\/code> package is breaking the installer.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2019\/06\/28\/shutterstock_262262012.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"A mole\"><\/p>\n<h2 title=\"Stuffed mole toys arrive at JavaScript biz after chief exec demands to know who was talking to El Reg\">NPM Inc settles union-busting complaints on third try \u2013 after CEO trolled for ordering internal mole hunt<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2019\/07\/02\/npm_abandons_settlement_talks\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>In his analysis of the malicious portion of <code>load-from-cwd-or-npm<\/code>, Garrood observes that the purpose of a specific conditional statement that had been added &#8220;seems to be to ensure that the malicious code only runs when our installer is being used (and not @shinnn\u2019s).&#8221;<\/p>\n<p>On Twitter, developer Vincent Orr chastised Garrood for insinuating that Watanabe is to blame, to which Garrood <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/twitter.com\/hdgarrood\/status\/1149755194219143170\">replied<\/a>, &#8220;I&#8217;ve deliberately not assigned any blame, just relayed facts.&#8221;<\/p>\n<p>Orr however suggests that&#8217;s inconsistent with mentioning Watanabe&#8217;s GitHub handle a dozen times.<\/p>\n<p><em>The Register<\/em> emailed Garrood and Watanabe seeking comment but we&#8217;ve not heard back.<\/p>\n<p>We&#8217;ve also asked NPM to elaborate on whether it has investigated the incident or taken any action against Watanabe based on these allegations. No word yet. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1842\/-7432\/balancing-consumerization-and-corporate-control?td=wptl1842\">Balancing consumerization and corporate control<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30309\/Malicious-Code-Ousted-From-PureScripts-npm-Installer.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27839,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5312],"class_list":["post-27838","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Malicious Code Ousted From PureScript&#039;s npm Installer 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Malicious Code Ousted From PureScript&#039;s npm Installer 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-15T15:48:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Malicious Code Ousted From PureScript&#8217;s npm Installer\",\"datePublished\":\"2019-07-15T15:48:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/\"},\"wordCount\":580,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/malicious-code-ousted-from-purescripts-npm-installer.jpg\",\"keywords\":[\"headline,hacker,malware\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/\",\"name\":\"Malicious Code Ousted From PureScript's npm Installer 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/malicious-code-ousted-from-purescripts-npm-installer.jpg\",\"datePublished\":\"2019-07-15T15:48:25+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/malicious-code-ousted-from-purescripts-npm-installer.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/malicious-code-ousted-from-purescripts-npm-installer.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/malicious-code-ousted-from-purescripts-npm-installer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Malicious Code Ousted From PureScript&#8217;s npm Installer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malicious Code Ousted From PureScript's npm Installer 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/","og_locale":"en_US","og_type":"article","og_title":"Malicious Code Ousted From PureScript's npm Installer 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-07-15T15:48:25+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Malicious Code Ousted From PureScript&#8217;s npm Installer","datePublished":"2019-07-15T15:48:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/"},"wordCount":580,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg","keywords":["headline,hacker,malware"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/","url":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/","name":"Malicious Code Ousted From PureScript's npm Installer 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg","datePublished":"2019-07-15T15:48:25+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/malicious-code-ousted-from-purescripts-npm-installer.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/malicious-code-ousted-from-purescripts-npm-installer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalware\/"},{"@type":"ListItem","position":3,"name":"Malicious Code Ousted From PureScript&#8217;s npm Installer"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27838"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27838\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27839"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}