Malicious code in nottuff17 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 072d84530e09f130a4d3ffb8f525b8bbcc0833f402ddfb66ebb39e9f85155a09 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...