How did PYPI_PUBLISH lead to a full GH account takeover?
I'd imagine the attacker published a new compromised version of their package, which the author eventually downloaded, which pwned everything else.
Their Personal Access Token must've been pwned too; not sure through what mechanism, though.
Don't hold your breath for an answer.