Many of the malicious commits show as an author `github-actions <github-actions@github.com>`, which means that they are authenticating as internal GitHub CI/CD stuff, and there are so many of those that no possible automated tool can find the poison in the mountain of chaff.

So this is related to the Sept 2025 security breach of GitHub.

> The five repos carry 1,459 GitHub stars between them, mantine-datatable alone accounting for 1,225. Stars are a rough proxy for how many developers have the source checked out locally, which is the population this attack targets.

> Every commit: unsigned, github-actions identity, chore: update dependencies [skip ci], the same six-file footprint. A 49-second sweep across five repos is automation, not a human committing. This matches Shai-Hulud self-propagation: harvest a GitHub token with write access from a prior infection, then push the persistence payload into every repo the token can reach.

https://safedep.io/miasma-worm-ai-coding-agent-config-inject...

What it is doing: https://safedep.io/config-files-that-run-code/

I'm not related to those guys. That's the simplest detailed explanation of what is happening that I've found.
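Added example (not code from the comment above or from safedep): a small Python audit that scores commits in `git log` output against the indicators the quoted text lists (github-actions identity, no signature, a `chore: update dependencies [skip ci]` subject). The log format string, the scoring threshold and the sample log lines are my own constructions; `%G?` is git's real signature-status placeholder.

```python
import subprocess
from dataclasses import dataclass, field

# Format for `git log`: fields separated by the ASCII unit separator (\x1f) so a
# commit subject containing '|' or tabs cannot break the parser.
# %G? is git's signature-status placeholder: 'N' = unsigned, 'G' = good signature.
LOG_FORMAT = "%H%x1f%an%x1f%ae%x1f%G?%x1f%s"

BOT_EMAIL = "github-actions@github.com"        # identity named in the comment
SUBJECT_MARKER = "chore: update dependencies"  # subject quoted in the comment
SKIP_CI_MARKER = "[skip ci]"                   # suppresses CI on the pushed commit
FLAG_THRESHOLD = 3                             # assumed: indicators needed to flag

@dataclass
class Finding:
    commit: str
    reasons: list = field(default_factory=list)

def parse_log(log_text):
    """Split raw `git log --format=LOG_FORMAT` output into commit records."""
    commits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sha, name, email, sig, subject = line.split("\x1f", 4)
        commits.append({"sha": sha, "name": name, "email": email,
                        "sig": sig, "subject": subject})
    return commits

def audit(commits):
    """Score each commit; a lone unsigned bot commit (2 points) is not flagged,
    because legitimate workflow commits look like that too."""
    findings = []
    for c in commits:
        reasons = []
        if c["email"].lower() == BOT_EMAIL or c["name"].lower() == "github-actions":
            reasons.append("authored as the github-actions identity")
        if c["sig"] == "N":
            reasons.append("no signature")
        if SUBJECT_MARKER in c["subject"].lower():
            reasons.append("dependency-bump subject")
        if SKIP_CI_MARKER in c["subject"].lower():
            reasons.append("[skip ci] in subject")
        if len(reasons) >= FLAG_THRESHOLD:
            findings.append(Finding(c["sha"], reasons))
    return findings

def audit_repo(path="."):
    """Audit a real checkout (runs git; not exercised by the sample below)."""
    out = subprocess.run(["git", "-C", path, "log", f"--format={LOG_FORMAT}"],
                         capture_output=True, text=True, check=True).stdout
    return audit(parse_log(out))

# Constructed sample log: one signed human commit, the pattern from the comment,
# a benign bot release commit, and a human-authored dependency bump.
SAMPLE_LOG = "\n".join("\x1f".join(r) for r in [
    ("1111aaa", "Alice Dev", "alice@example.com", "G", "Fix typo in README"),
    ("2222bbb", "github-actions", BOT_EMAIL, "N", "chore: update dependencies [skip ci]"),
    ("3333ccc", "github-actions", BOT_EMAIL, "N", "Release v2.1.0"),
    ("4444ddd", "Bob Dev", "bob@example.com", "N", "chore: update dependencies [skip ci]"),
])

if __name__ == "__main__":
    for f in audit(parse_log(SAMPLE_LOG)):
        print(f.commit, "->", "; ".join(f.reasons))
```

The six-file footprint mentioned in the quote is a further indicator you could add from `git log --name-only`, which this sample does not parse.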