Shai
Source: Theregister
Published:
<p>A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums.</p> <p>The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string sty