Malicious code in nottuff26 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d6f3663bcc4d41d4ec7b7e07a43f82567efbbab2cfb098d7227f0f0803e7577 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...