Malicious code in nottuff1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5133eecd8c40ac8e4617b364ea9710a03f88e60f8e2d1252a8ee539282da29e1 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...