Malicious code in nottuff19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ac0f814bee9916273883e5915c6f74bbf75f08022175b094d98f52a6e6f562 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...