In another example of a supply chain attack, CodeCov (makers of a code coverage tool) got hacked back in February and their codebase was backdoored for 2 months before they noticed.
They have over 29000 customers - most of which are software creators - meaning those customers may also have been hacked by their use of Codecov.
Some of those “second order” impacted vendors are now discovering they were indeed hacked, HasiCorp Vault being one of the first to admit it
Doing a search on https://grep.app I see that the Brave Browser may use some of this codes features. Is Brave aware of this and has action been taken to mitigate any risks?