8 pointsby 6mile3 hours ago1 comment
  • 6mile3 hours ago
    Because the Go and Packagist registries don't require additional publishing credentials like NPM and PyPI North Korean threat actors have been able to compromise legitimate packages via their PolinRider campaign.