[teeray]

We’re not talking about security researchers here:

> there is lots to gain from being the first to write about the new malware on some registry, so *companies* are actively downloading and inspecting literally every package.

(Emphasis mine)

[weaksauce]

yeah security researchers at security companies are the ones we are talking about.

[john_strinlai]

>We’re not talking about security researchers here:

we are.

"companies" in this context is "security companies" (hence why they are "downloading and inspecting every package", which would not make sense if referring to the people authoring and shipping a single package)