A 'normal consumer' won't be helped by such a technical list on github/gitlab. Do you really believe they would look there? If they wanted protection they could have installed Ad-blockers etc. long time ago already. (Or use more reputable shops)
Lots of people google the name of a webshop to check if it's legit.
Not all, but some non-tech people do that..
And lots of webshop owners google their own shop. Shaming sites that are hosting malware seems perfectly reasonable.
On topic: I assume github/gitlab both completely misunderstood what is going on, and thought this was a disclosure of security holes that could be exploited.
I wouldn't be surprised if they do a lot of these.
Perhaps try to throw it up on a few different CDNs where you pay for the service and can contact support. Like S3 or dreamhost (they have decent support too). Arguably github/gitlab isn't the best hosting platform for misunderstood journalists.
How long is the author going to check and update that list of compromised websites? Right now they are broken but in 6 months when the site gets upgraded it will be a knock against them unless the author updates the list. This is the real problem.