ah yes, another supply chain attack. i'm sure the maintainers will do some hand-wringing and promise to do better, while nothing actually changes. https://www.reddit.com/user/CircumspectCapybara