It’s increasingly apparent that GitHub repojacking poses a legitimate risk to developers. Hackers can take advantage of users and companies changing their GitHub names by hijacking old repository names in the hopes that malicious files they add may be fetched by applications that use the code as a dependency.