Researchers have identified 108 malicious packages and browser extensions planted across npm, Packagist, Go modules, and the Google Chrome Web Store as part of an ongoing supply chain campaign dubbed