DuckDB NPM Account Compromised in Continuing Supply Chain Attack