Malicious code in nottuff21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fec8592c01e9729b2d3eff199c34b71f489e593a095226c95b237d35ccfcc6f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...