Hacker News
by mohamedattahri 499 days ago
That's why I suggested govulncheck; it can keep a database of suspicious packages and issue a clear warning, and it can locally check that the hash of the tagged version you're using locally is the same as on GitHub.
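The hash comparison the comment above proposes, as an added example that is not part of the original comment and is not govulncheck's own code. It is modelled on the `h1:` directory hash that Go records in `go.sum`; the module path, file contents and the function names `hashTree` and `tagMatches` are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

// hashTree computes an "h1:"-style directory hash: SHA-256 over the sorted
// summary lines "<sha256 hex>  <module@version>/<path>\n", base64-encoded.
func hashTree(modVer string, files map[string]string) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	h := sha256.New()
	for _, p := range paths {
		fmt.Fprintf(h, "%x  %s/%s\n", sha256.Sum256([]byte(files[p])), modVer, p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(h.Sum(nil))
}

// tagMatches compares the tree used in the local build against the tree at
// the upstream tag and returns both hashes so a mismatch can be reported.
func tagMatches(modVer string, local, upstream map[string]string) (bool, string, string) {
	l, u := hashTree(modVer, local), hashTree(modVer, upstream)
	return l == u, l, u
}

// Constructed sample data: hypothetical module and file contents.
const sampleModVer = "example.com/lib@v1.2.3"

var sampleUpstream = map[string]string{
	"go.mod": "module example.com/lib\n",
	"lib.go": "package lib\n\nfunc Add(a, b int) int { return a + b }\n",
}

// Same tag name, but lib.go differs from what the upstream tag holds.
var sampleLocalChanged = map[string]string{
	"go.mod": "module example.com/lib\n",
	"lib.go": "package lib\n\nfunc Add(a, b int) int { return a + b + 1 }\n",
}

func main() {
	for name, tree := range map[string]map[string]string{"clean": sampleUpstream, "changed": sampleLocalChanged} {
		ok, l, u := tagMatches(sampleModVer, tree, sampleUpstream)
		fmt.Printf("%-8s match=%v\n  local    %s\n  upstream %s\n", name, ok, l, u)
	}
}
```

A mismatch for the same `module@version` means the locally cached copy and the repository tag no longer hold the same content, which is the condition the comment wants surfaced as a warning.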