• just_another_person@lemmy.world
    link
    fedilink
    arrow-up
    35
    ·
    edit-2
    1 day ago

    But that’s not a supply chain attack. If projects or platforms are compromised and THEN their code is used by normal means of ingestion of said project, that would be a supply chain attack.

    These are unofficial channels created as forks of existing projects in an attempt to fool users into using these instead.