I am uncovering what seems to be a massive widespread malware attack on @github.

• Currently over 35k hits [Corrected later in the thread from repositories to hits].
• So far found in projects including: crypto, golang, python, js, bash, docker, k8s
• It is added to npm scripts, docker images and install docs