Plus three other stealers in three other packages, all from the same scumbag A Shai Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply chain attack competition on BreachForums. The poisoned package, chalk tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai Hulud, which TeamPCP published last week on GitHub after poisoning more than...
