by xghryro 815 days ago
I suppose you think the maintainers shouldn’t have scrutinized those files? Please tell me it’s a joke.
2 comments

The person who added the malicious blobs and signed the compromised archives was literally a maintainer of the project.
Ok, go ahead and scrutinize those files without looking at the injection code that was never in the repo? Can you find anything malicious? Probably not - it looks like random garbage which is what it was claimed to be.