{"id":2697,"date":"2022-04-07T10:36:56","date_gmt":"2022-04-07T10:36:56","guid":{"rendered":"https:\/\/gitprotect.io\/blog\/?p=2697"},"modified":"2022-12-01T10:57:22","modified_gmt":"2022-12-01T10:57:22","slug":"compromised-npm-packages-malware-and-github","status":"publish","type":"post","link":"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/","title":{"rendered":"Compromised NPM Packages, Malware, and GitHub"},"content":{"rendered":"\n<p>Security professionals always have a lot of work to do. You may even get the impression that the number of things to be done keeps growing over time, especially now that solutions based on external, dynamically loaded dependencies, such as entire libraries or individual functions, have become so popular in recent years. The popularity of NPM packages plays a major role here. When building an IT system today, we are rarely its sole authors, so we do not always have 100% control. External scripts can quite easily execute malware.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is malware?<\/h2>\n\n\n\n<p>Malware is a fairly broad term covering all programs that are harmful to a system or to its users. It includes all kinds of viruses, trojans, spyware, keyloggers, and many other harmful types of software. A particularly popular type is ransomware, which blocks access to our systems (often by encrypting data) and then demands a ransom to restore access. I recommend reading the <a href=\"https:\/\/gitprotect.io\/blog\/ransomware-attacks-on-github-bitbucket-and-gitlab-what-you-should-know\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ransomware attacks on GitHub, Bitbucket, and GitLab<\/a> article to get a better insight into this topic.<\/p>\n\n\n\n<p>In December 2020, new malicious packages were found in NPM. On the surface, these were sensible tools for building a database out of JSON files.
Everything was cleverly prepared, and the packages felt legitimate. Unfortunately, installing them downloaded and launched a <strong>Trojan called njRAT<\/strong>, which made it possible to execute remote commands. This tool allows keylogging, access to the camera, stealing passwords stored in browsers, manipulating files, etc. It is a dangerous tool.<\/p>\n\n\n\n<p><strong>You can find njRAT on GitHub if you are interested in it<\/strong>. The README file does, however, contain a warning:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/DBgV-iJ4zTRsUS9iuDC6tnV9NKyvrILREdzqlCwIv5XxPoLKnJX0xWrQKH5rHbM-njGciP3Mc-dzA3pgQF7Q7GFf93neEBPTH9aqocsnbIJSxzwjikwLRUHvvfMJRGaSrPtlHduu\" alt=\"\" width=\"650\" height=\"152\"\/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">NPM packages<\/h2>\n\n\n\n<p>Let&#8217;s explain what the NPM ecosystem really is and what GitHub has to do with it. Behind this inconspicuous name is a powerful tool that is part of the Node.js environment. The NPM registry is a kind of central repository for JavaScript packages. Actually, it is the largest one! It is used to publish and share open-source software, and many organizations also use it to manage private, internal development.<\/p>\n\n\n\n<p>So, if we want to include a given package in our project, for example \u201clodash\u201d (which helps with arrays and numbers), we just install it with <strong><em>npm install &lt;module&gt;<\/em><\/strong>. We can also declare dependencies in the project&#8217;s package.json file. These dependencies are then installed together with the project.<\/p>\n\n\n\n<p>Such a solution is both a blessing and a curse. It is easy to imagine a situation in which our project pulls in external libraries that suddenly stop working as we expect. These may be deliberate actions by their creators, although this is unlikely. Rather, the real threat is that these external dependencies get compromised and their authors lose control of them. As a result, our NPM module installation would download infected packages, and we can call that scenario an NPM malware vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How NPM is vulnerable to malware and what GitHub does about it<\/h2>\n\n\n\n<p>GitHub is aware of <strong>potential NPM security issues<\/strong>. You don&#8217;t have to look far for evidence. At the end of 2021, a serious vulnerability was discovered that would have allowed the publication of malicious versions of any package on the NPM registry. Any existing package! That&#8217;s crazy.
This was due to an authorization problem in the microservice architecture. User validation worked fine; after that step, however, the decision about which package to publish was made based on the contents of the package file. This means that a request could be validated for package A yet publish package B.<\/p>\n\n\n\n<p>After discovering this vulnerability, GitHub began to require two-factor authentication for maintainers and admins of popular NPM packages. In addition, <strong>the NPM team is constantly working on improving security<\/strong>, among other things by automatically monitoring newly published package versions to track new NPM malware in real time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A harmless example<\/h2>\n\n\n\n<p>Relying on external dependencies is beneficial and normal in IT, but at the same time we can never shake the feeling that some outsider may mess with our project.
A fairly recent example is the &#8220;protestware&#8221; connected to the war in Ukraine. The latest version of the <em>node-ipc<\/em> module contains a change that creates a file calling for peace and an end to the war. <strong>It is a non-destructive example of NPM control<\/strong>, security, and vulnerability issues that affect our projects.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The need to have a backup<\/h2>\n\n\n\n<p>As you can see, we can never fully rely on external dependencies. They are useful and drive the IT world, so we absolutely should not stop using them. However, at the end of the day, we have to take care of our own safety. That is why we should always keep in mind backup and restore tools that can save our skin in a crisis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security professionals always have a lot of work to do. You may even get the impression that the number of things that have to be done grows more and more with time. Especially now, when in recent years the popularity of solutions based on external, dynamically loaded dependencies, such as entire libraries or individual functions, has grown. The popularity of NPM packages is also of great importance here. Currently, when creating an IT system, we are rarely entirely its authors, so we do not always have 100% control.
External scripts may quite easily execute any malware.<\/p>\n","protected":false},"author":6,"featured_media":2699,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2697","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-github","post--single"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Compromised NPM Packages, Malware, and GitHub - Blog | GitProtect.io<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Compromised NPM Packages, Malware, and GitHub - Blog | GitProtect.io\" \/>\n<meta property=\"og:description\" content=\"Security professionals always have a lot of work to do. You may even get the impression that the number of things that have to be done grows more and more with time. Especially now, when in recent years the popularity of solutions based on external, dynamically loaded dependencies, such as entire libraries or individual functions, has grown. The popularity of NPM packages is also of great importance here. Currently, when creating an IT system, we are rarely entirely its authors, so we do not always have 100% control. 
External scripts may quite easily execute any malware.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog | GitProtect.io\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XoperoSoftware\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-07T10:36:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-01T10:57:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2022\/04\/npm-post.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tomasz Lisowski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:site\" content=\"@GitProtectio\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tomasz Lisowski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\"},\"author\":{\"name\":\"Tomasz Lisowski\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/9437be55e0e82150a20247f63e2fef79\"},\"headline\":\"Compromised NPM Packages, Malware, and GitHub\",\"datePublished\":\"2022-04-07T10:36:56+00:00\",\"dateModified\":\"2022-12-01T10:57:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\"},\"wordCount\":830,\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2022\/04\/npm-post.png\",\"articleSection\":[\"GitHub\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\",\"name\":\"Compromised NPM Packages, Malware, and GitHub - Blog | 
GitProtect.io\",\"isPartOf\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2022\/04\/npm-post.png\",\"datePublished\":\"2022-04-07T10:36:56+00:00\",\"dateModified\":\"2022-12-01T10:57:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#primaryimage\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2022\/04\/npm-post.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2022\/04\/npm-post.png\",\"width\":1200,\"height\":600,\"caption\":\"Compromised NPM packages\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/gitprotect.io\/blog\/compromised-npm-packages-malware-and-github\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/gitprotect.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compromised NPM Packages, Malware, and GitHub\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#website\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"name\":\"GitProtect.io 
Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/gitprotect.io\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#organization\",\"name\":\"GitProtect.io\",\"url\":\"https:\/\/gitprotect.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/favicon-528x528-1.png\",\"width\":528,\"height\":528,\"caption\":\"GitProtect.io\"},\"image\":{\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/XoperoSoftware\/\",\"https:\/\/x.com\/GitProtectio\",\"https:\/\/www.linkedin.com\/company\/xopero-software\/\",\"https:\/\/www.youtube.com\/channel\/UCiEnl6n0mIO6w7twccz-l2w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/9437be55e0e82150a20247f63e2fef79\",\"name\":\"Tomasz Lisowski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gitprotect.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/tomasz-lisowski_avatar-96x96.jpg\",\"contentUrl\":\"https:\/\/gitprotect.io\/blog\/wp-content\/uploads\/2023\/05\/tomasz-lisowski_avatar-96x96.jpg\",\"caption\":\"Tomasz Lisowski\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tomasz-lisowski-01366a75\/\"],\"url\":\"https:\/\/gitprotect.io\/blog\/author\/tomasz-lisowski\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}