Sharing this here to get awareness for devs because Discourse might be using one of the infected repo’s..
https://twitter.com/stephenlacy/status/1554697077430505473?s=20&t=6b3tOdjxaTUQIUXGTWLqmg
The infected repos are clones of the originals, the originals are OK.
We’re not aware of any impact to Discourse or our dependencies.
As @Mr.X_Mr.X mentioned, the tweet author has admitted that the findings were limited to forks/clones, rather than the true versions of dependencies:
Ah that is good to know. Better safe then sorry, haha. Felt this was a place where devs at least should be aware of the malware.
Welcome to internet! 