They probably mean that the actual number of malicious repos is probably very hard to get.
The article reaches the 100K number by searching for repos with patches with a particular string contained in this specific attack, so it's likely missing many malicious repos that use different methods of infection.