Malicious code ousted from PureScript’s npm installer – but who put it there in the first place?

Account hijacking claimed by some but it may just be a developer behaving badly

Another JavaScript package in the npm registry – the installer for PureScript – has been tampered with, leading project maintainers to revise their software to purge the malicious code.…

The Register – Security
Secure Hunter Anti -Malware