{"id":5374,"date":"2025-07-29T11:11:59","date_gmt":"2025-07-29T11:11:59","guid":{"rendered":"https:\/\/signmycode.com\/blog\/?p=5374"},"modified":"2025-07-29T11:14:33","modified_gmt":"2025-07-29T11:14:33","slug":"toptal-github-breach-exposes-critical-gaps-in-open-source-security","status":"publish","type":"post","link":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security","title":{"rendered":"Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The breach, first disclosed last week, has shocked the developer community and exposed serious flaws in <a href=\"https:\/\/signmycode.com\/blog\/what-is-github-top-github-security-best-practices-for-securing-your-repository\">repository security<\/a>, disclosure practices, and package ecosystem hygiene.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-breach-what-occurred\">The Breach: What Occurred?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-breach-toptal-github-account-publish-malicious-npm-packages\/\">According to reports<\/a>, Socket Security and others in the cybersecurity space, certain unidentified threat actors gained access to Toptal\u2019s organizational account within GitHub, allowing them administrative access to their internal repositories.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>With the administrative access, the actors:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Changed all of Toptal&#8217;s 73 private repositories to public<\/strong>, leaking sensitive internal code and projects.<\/li>\n\n\n\n<li><strong>Changed the common ci-pkg \u201cPicasso\u201d design system<\/strong> by inserting malicious scripts.<\/li>\n\n\n\n<li><strong>Launched 10 trojanized npm packages<\/strong> under the Toptal organization\u2019s namespace as if they were legitimate updates.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The compromised packages were:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>@toptal\/picasso-tailwind<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-charts<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-shared<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-provider<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-select<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-quote<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-forms<\/em><\/li>\n\n\n\n<li><em>@xene\/core<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-utils<\/em><\/li>\n\n\n\n<li><em>@toptal\/picasso-typograph<\/em><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-payload-behavior\">Payload Behavior<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The malware contained two malicious scripts packaged in the package.json files of the compromised packages.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Preinstall Action:<\/strong> Exfiltrated GitHub CLI authentication tokens through a remote webhook.<\/li>\n\n\n\n<li><strong>Postinstall Action:<\/strong> Was attempting to delete all files on the victim&#8217;s computer using:<br><br>&#8211; sudo rm -rf &#8211;no-preserve-root \/ (Linux)<br>&#8211; rm \/s \/q (Windows)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This two-sided payload made the packages especially dangerous, with capabilities of credential stealing and total data loss, all executed silently while downloading as dependencies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/signmycode.com\/blog\/new-ci-cd-attack-in-pytorch-supply-chain-that-exploiting-github-self-hosted-action-runner\">Researchers Demo New CI\/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-impact\">The Impact<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before all were tracked and taken down, <strong>the malicious packages had been downloaded roughly 5,000 times<\/strong>. Developers with <a href=\"https:\/\/signmycode.com\/blog\/what-is-ci-cd-detailed-guide-on-ci-cd-pipeline\">CI\/CD pipelines<\/a> or auto-installation tools had a high susceptibility.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>While still ambiguous on the original vector of the compromise, security professionals suspect that it could have been due to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing Attacks<\/li>\n\n\n\n<li>Compromised Credentials<\/li>\n\n\n\n<li>A Potential Rogue Insider<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-toptal-s-response-fast-though-silent\">Toptal\u2019s Response \u2014 Fast Though Silent<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security company <a href=\"https:\/\/socket.dev\/blog\/toptal-s-github-organization-hijacked-10-malicious-packages-published\">Socket tells us that by July 23rd<\/a>, Toptal had deprecated the infected packages and rolled them back to the last known clean version. It appeared that Toptal&#8217;s rapid action mattered and may have saved a more widespread calamity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Toptal has yet to release a public disclosure or official statement, even 4 days after the breach.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their lack of communication has earned criticism from parts of the security community, who argue that being transparent is key to helping protect the broader developer community.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-industry-wide-implications\">Industry-Wide Implications<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The incident follows an unsettling trend of <a href=\"https:\/\/signmycode.com\/blog\/software-supply-chain-attacks-notable-examples-and-prevention-strategies\">supply chain attacks<\/a> against open-source ecosystems such as npm, PyPI, and Visual Studio Code extensions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Just days before, Amazon&#8217;s VS Code &#8220;Q&#8221; extension was attacked through a malicious pull request inserting commands to delete user home directory contents, as well as cloud resources.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>There were a few strong takeaways:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Trust with repositories is weak \u2014 attackers are able to trust the familiar packages easily.<\/li>\n\n\n\n<li>Install scripts are still very dangerous tech, whether it will act as you expect or not.<\/li>\n\n\n\n<li>Security hygiene is still inconsistent at the organization level (access control, 2FA enforcement).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/signmycode.com\/blog\/github-supply-chain-attack-expose-secrets-across-218-repositories\">GitHub Supply Chain Attack: CVE-2025-30066 and CVE-2025-30154 Expose Secrets Across 218 Repositories<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-developers-should-do\">What Developers Should Do?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Following the breach at Toptal, developers and teams affected by this incident are advised to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Immediately remove any affected npm packages (every version after 20 July).<\/li>\n\n\n\n<li>Revert to clean versions that were pulled before the attack.<\/li>\n\n\n\n<li>Rotate any GitHub CLI tokens or credentials that may have been exposed.<\/li>\n\n\n\n<li>Audit dependencies and lock known safe versions in package-lock.json.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Importantly, developers should also use &#8211;ignore-scripts whenever possible during install and monitor package behaviours using tools like Socket.dev, Snyk, or npm audit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-lessons-for-the-ecosystem\">Lessons for the Ecosystem<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This breach serves as a reminder that we need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Greater scrutiny of install scripts and auto-executed hooks in package registry.<\/li>\n\n\n\n<li>2FA, and audit logging for GitHub organizations, to be compulsory.<\/li>\n\n\n\n<li>Public incident disclosure procedures \u2014 to protect developer safety and maintain trust in the ecosystem.<\/li>\n\n\n\n<li>Better <a href=\"https:\/\/signmycode.com\/blog\/nist-supply-chain-security-guidance-for-ci-cd-environments\">CI\/CD hygiene<\/a> (e.g. signed commits, whitelisting dependencies, monitoring for anomalies).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you or your team have installed one of the affected packages, it is strongly recommended that clean versions from before the breach be used instead, and that any potentially compromised credentials, including access tokens to GitHub (and maybe other things), be rotated.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Prevent Software Supply Chain Attacks with <a href=\"https:\/\/signmycode.com\/digicert-software-trust-manager\">DigiCert Software Trust Manager<\/a>, an end-to-end solution that aims to protect your software development lifecycle with strong code signing, policy-based controls, and trusted identity validation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords. The breach, first disclosed last week, has&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\">Read More <span class=\"screen-reader-text\">Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security<\/span><\/a> <\/p>\n","protected":false},"author":1,"featured_media":5376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,457],"tags":[861],"class_list":["post-5374","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-code-signing-updates","category-developers-guide","tag-toptal-github-breach","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Toptal GitHub Breach: Hackers Published Malicious Packages on NPM<\/title>\n<meta name=\"description\" content=\"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials &amp; delete files.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security\" \/>\n<meta property=\"og:description\" content=\"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials &amp; delete files.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-29T11:11:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-29T11:14:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2025\/07\/toptal-github-compromised.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\",\"name\":\"Toptal GitHub Breach: Hackers Published Malicious Packages on NPM\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/toptal-github-compromised.webp\",\"datePublished\":\"2025-07-29T11:11:59+00:00\",\"dateModified\":\"2025-07-29T11:14:33+00:00\",\"description\":\"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials & delete files.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/toptal-github-compromised.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/toptal-github-compromised.webp\",\"width\":912,\"height\":453,\"caption\":\"Toptal\u2019s GitHub Organization Hijacked\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"name\":\"SignMyCode - Blog\",\"description\":\"Code Signing News, Updates\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\",\"name\":\"SignMyCode.com\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode.com\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Toptal GitHub Breach: Hackers Published Malicious Packages on NPM","description":"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials & delete files.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security","og_locale":"en_US","og_type":"article","og_title":"Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security","og_description":"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials & delete files.","og_url":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security","og_site_name":"SignMyCode - Blog","article_published_time":"2025-07-29T11:11:59+00:00","article_modified_time":"2025-07-29T11:14:33+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2025\/07\/toptal-github-compromised.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security","url":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security","name":"Toptal GitHub Breach: Hackers Published Malicious Packages on NPM","isPartOf":{"@id":"https:\/\/signmycode.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2025\/07\/toptal-github-compromised.webp","datePublished":"2025-07-29T11:11:59+00:00","dateModified":"2025-07-29T11:14:33+00:00","description":"Unknown threat actors compromised Toptal\u2019s GitHub account to publish malicious NPM packages that exfiltrate credentials & delete files.","breadcrumb":{"@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#primaryimage","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2025\/07\/toptal-github-compromised.webp","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2025\/07\/toptal-github-compromised.webp","width":912,"height":453,"caption":"Toptal\u2019s GitHub Organization Hijacked"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/blog\/toptal-github-breach-exposes-critical-gaps-in-open-source-security#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/blog\/#website","url":"https:\/\/signmycode.com\/blog\/","name":"SignMyCode - Blog","description":"Code Signing News, Updates","publisher":{"@id":"https:\/\/signmycode.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/blog\/#organization","name":"SignMyCode.com","url":"https:\/\/signmycode.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","width":135,"height":86,"caption":"SignMyCode.com"},"image":{"@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/comments?post=5374"}],"version-history":[{"count":4,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5374\/revisions"}],"predecessor-version":[{"id":5381,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5374\/revisions\/5381"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media\/5376"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media?parent=5374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/categories?post=5374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/tags?post=5374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}