I editorialized the title to include the version range of compromised packages for visibility.Also, worth mentioning that TeamPCP denies involvement, and instead points to a copycat using their name: https://xcancel.com/tradelots/status/2046928328066543832
