Comment on SSH keys stolen by stream of malicious PyPI and npm packages
mrwiggles@prime8s.xyz 11 months ago
And this is why you password protect your ssh keys
Comment on SSH keys stolen by stream of malicious PyPI and npm packages
mrwiggles@prime8s.xyz 11 months ago
And this is why you password protect your ssh keys
platypus_plumba@lemmy.world 11 months ago
It’s honestly crazy that tools like npm don’t force you to encrypt the tokens for the npm repos. They don’t even support it. Any stupid read_file() with http.post() can screw 1000 people.