Here it is; see line 525: https://gist.github.com/davidrans/ca6e9ffa5865983d9f6aa00b7a...

Curious how you found that. Great find though. This is the exact line:

https://gist.github.com/davidrans/ca6e9ffa5865983d9f6aa00b7a...

I'm curious if they even know right now or if the code was being injected dynamically somehow. The post is sparse on the details.

Unfortunately archive.org last fetched the script in November last year: https://web.archive.org/web/2020*/https://codecov.io/bash

A quick diff against the current version doesn't show anything suspicios