Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel self-replicating credential-stealing code in yet another wave of a supply chain ...