The link for this post uses a read-only front-end for Twitter, which can be easier to read for viewing a full Twitter thread. The Tweet that kicked off the thread is:

I am uncovering what seems to be a massive widespread malware attack on @github.

• Currently over 35k hits [Corrected later in the thread from repositories to hits].
• So far found in projects including: crypto, golang, python, js, bash, docker, k8s
• It is added to npm scripts, docker images and install docs