Malicious code in nottuff22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07035c6d64cbb510ca87260a3a3ca216e2ddfcffcb0ffba6d40ba9f8444c5e0f The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...