Malicious code in nottuff20 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45385ab2d7ac9fcd5f37a9faa2824beba492422d1783deef1b9b153eda2e25d2 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...