by gnomewascool
1411 days ago
Yes, the scope is not "35k existing GitHub repos are infected", since AFAICT all the infected repos are forks, so the title is misleading. However:

1. The scale is pretty worrying. Given the total number of repos on GitHub (> 100M) it's a drop in the ocean, but still huge.
2. Typo-squatting on, say, PyPI or npmjs is certainly noteworthy, and this is a very similar attack.
3. At least some of the infected forks had several stars, some from ~5-year-old accounts, so apparently some people were using them.
4. The original Twitter thread did note that infected forks were being created — it just didn't emphasise that this was the only attack surface, probably because the author didn't realise.