All Xtext & Xtend versions before 2.18.0 were built using HTTP instead of HTTPS for file transfer, and thus the built artifacts may have been compromised.
eclipse xtend
eclipse xtext