Do You Know What Supply Chain Vulnerabilities Are?

When you push something to GitHub, it's automatically available there. So does GitHub put some block here on your repo to not show the latest commit? Because usually what I see people doing is that they commit, they push a commit with a secret and they realize they push that. But they're like bots running through GitHub harvesting those. The moment you push it, it's already distributed to some people or to shig it. It's really not good.