Severity: Critical
CVSS Score: 9.8
Version 3.0.2 of `load-from-cwd-or-npm` contains malicious code. The malware breaks functionality of the `purescript-installer` package by injecting targeted code. ## Recommendation Upgrade to version 3.0.4 or later. There is no indication of further compromise.