Many supply chain attacks aim to run malware on the end-users machine to harvest authentication tokens, etc. So pretty much everyone here who is a developer is the target.