Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. […]

from https://www.bleepingcomputer.com/news/security/codecov-begins-notifying-affected-customers-discloses-iocs/