Malicious code in time-format-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 168d334d742003cf94d8b87ba56cd72694081ade01f6814062e58ebdc47d8594 On npm install, the package's postinstall script decodes base64-encoded shell payloads and executes them via an obfuscated childprocess.exec lookup...