UPDATE
GitHub is investigating the Tweet published Wed, Aug. 3, 2022:
  • No repositories were compromised
  • Malicious code was posted to cloned repositories, not the repositories themselves
  • The clones were quarantined and there was no evident compromise of GitHub or maintainer accounts