Yeah, I'm having trouble spotting the "nasty". I'm not saying it's not there, but if someone more knowledgeable about malicious Javascript/Node could explain a bit that would be much appreciated.

Pretty convenient that the source was taken down before the blog was posted and it doesn't seem like we can get a hold of it.

Edit: MalwareBazaar doesn't seem to have a sample either.