PANews | June 25, 2026 08:27
[SlowMist Issues npm Supply Chain Attack Alert: 23 Packages Affected, Credentials from 408 GitHub Repositories Stolen]
The SlowMist security team has issued an alert regarding a new variant of the Shai-Hulud/Miasma/Hades npm malware that is impacting the npm ecosystem. This variant is linked to the compromised npm developer account 'czirker.' The attack leverages a pre-configured `binding.gyp` file to execute malicious code during the `npm install` process. So far, 23 affected packages have been identified, including 'leo-logger,' which has a weekly download count of 3,140. As of the time the alert was issued, 408 affected GitHub repositories containing stolen credentials have been detected.