PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months.

https://securityaffairs.co/wordpress/80218/hacking/php-pear-site-hacked.html