I am not saying this is the reason for this compromise but the sudden explosion of coding assistant like claude code, and tools like openclaw is teaching entire crop of developers (and users) that it is ok to have sensitive credentials .env files.

▲

ptx 6 hours ago | parent [-]

Where would you suggest putting the sensitive credentials?

	▲	_pdp_ 2 hours ago \| parent [-]
		Not in .env files next to your code that is exposed to supply chain risks.