Malicious code in nottuff27 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b836372198329677623bb152dc7db76b249d842c0d10a3ec94d9ce2ae467827 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...