• just_another_person@lemmy.world
    link
    fedilink
    arrow-up
    33
    ·
    edit-2
    23 hours ago

    But that’s not a supply chain attack. If projects or platforms are compromised and THEN their code is used by normal means of ingestion of said project, that would be a supply chain attack.

    These are unofficial channels created as forks of existing projects in an attempt to fool users into using these instead.