Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For (socket.dev) 17 points by feross 1y ago ↗ HN
[–] fastest963 1y ago ↗ The module cache should periodically get that the tag still matches the upstream repo. If it doesn't then show a warning when installing or on the docs page. [–] idlephysicist 1y ago ↗ It's kind of amazing that this periodic check has not been implemented already.
[–] idlephysicist 1y ago ↗ It's kind of amazing that this periodic check has not been implemented already.
3 comments
[ 3.0 ms ] story [ 20.6 ms ] thread