No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk.

> The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.