Malicious code in nottuff9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6210eaca44901153bc909ce8f071e22124821bb4f3faaad1c2e9fb1189f46c The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...