Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below -

chalk-tempalte (825 Downloads)
@deadcode09284814/axios-util (284 Downloads)
axois-utils (963 Downloads)
color-style-utils (934 Downloads)

"One of the packages (chalk-tempalte)



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html