I wonder how this even works out in simple terms. Like, if a dev finds out that their creds have been stolen and published, they would know that their system is compromised, so they have to reinstall the whole system locally? If they just change the password, the worm is still there, so it will steal the new password as well. But even if they reinstall the whole system, the worm is still somewhere there in the repo and will find its way back again, so what are the mitigations in such a case?