hdgarrood/malicious-code-purescript-npm-installer.md

Last active August 8, 2019 12:51

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/hdgarrood/5735886b7704389de5ef379413c00d78.js"></script>
Save hdgarrood/5735886b7704389de5ef379413c00d78 to your computer and use it in GitHub Desktop.

Raw

malicious-code-purescript-npm-installer.md

This gist previously contained a draft version of my post announcing the malicious code in the purescript npm installer.

You can now find the published post on my blog: https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer

Author

hdgarrood commented Jul 12, 2019

Ok. thanks. I also noticed that [email protected] is accompanied by a commit in GitHub which seems to indicate that it was published by someone with access to your github SSH key: shinnn/load-from-cwd-or-npm@5be252c. Was that commit made by you or was your github SSH key compromised as well?