Fortunately, it also appears to have gone undetected by many project maintainers, with only two imports of the backdoored version recorded – both by a single cryptocurrency project with just seven followers.

ha