Malicious code in testudo-pack (npm)
The npm package testudo-pack is byte-for-byte identical verified via diff to testis-pack from the same npm publisher ioa2102 [email protected], differing only in its install hook: postinstall: node index.js instead of preinstall. It presents itself as a small binary packing/checksum...