Shai-Hulud worm copycats emerge after source code leak

The Shai-Hulud worm's source code leak has enabled rapid reuse: researchers observed copycat NPM packages (including chalk-tempalte, axois-utils, color-style-utils, and @deadcode09284814/axios-util) that steal developer credentials, upload stolen data to GitHub, and in one instance attempt to recruit systems into a DDoS botnet; the leak increases supply-chain and typo-squatting risk and defenders are urged to monitor dependencies and secure developer tokens and CI/CD credentials.