• ikidd@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    17 hours ago

    Many of the projects are backend dev tools, like the Atlas provider linked in the thread.

    • just_another_person@lemmy.world
      link
      fedilink
      arrow-up
      30
      ·
      edit-2
      16 hours ago

      But that’s not a supply chain attack. If projects or platforms are compromised and THEN their code is used by normal means of ingestion of said project, that would be a supply chain attack.

      These are unofficial channels created as forks of existing projects in an attempt to fool users into using these instead.