Closed dunn closed 7 years ago
Package/dependency managers are an attack vector; npm is the most notable but it's possible to exploit gem as well: http://incolumitas.com/2016/06/08/typosquatting-package-managers/
So this makes us a bit less vulnerable.
Doesn’t require a new release at this point.
The 'github' shortcut uses the insecure git:// protocol.
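A Gemfile check for the problem this change addresses, as an added example that is not part of the original pull request. It assumes Bundler 1.x behaviour, where `github: "user/repo"` expands to a `git://` URL unless the Gemfile overrides it with `git_source(:github)`; the function name `audit_gemfile` is hypothetical and both sample Gemfiles are constructed.

```ruby
# Added example: flag Gemfile lines that fetch code over unauthenticated transports.
# Assumption: Bundler 1.x, where the :github shortcut resolves to git://github.com/...

INSECURE_URL = %r{\b(?:git|http)://[^\s'"]+}
SHORTCUT     = /(?:\bgithub:|:github\s*=>)\s*['"]/
# A git_source(:github) block yielding an https URL (same or next line) fixes the shortcut.
OVERRIDE     = %r{git_source\(\s*:github\s*\)[^\n]*\n?[^\n]*https://}

# Returns [[line_number, reason], ...] for the given Gemfile text.
def audit_gemfile(text)
  overridden = text.match?(OVERRIDE)
  findings = []
  text.each_line.with_index(1) do |line, no|
    # Drop trailing comments, but keep "#{...}" string interpolation intact.
    code = line.sub(/(^|\s)#(?!\{).*/, "")
    if (m = code.match(INSECURE_URL))
      findings << [no, "unauthenticated transport: #{m[0]}"]
    end
    if code.match?(SHORTCUT) && !overridden
      findings << [no, "github shortcut resolves to git:// on Bundler 1.x"]
    end
  end
  findings
end

# Constructed sample: the weak configuration.
BEFORE = <<~'GEMFILE'
  source "https://rubygems.org"
  gem "rails", github: "rails/rails"
  gem "foo", git: "git://example.com/foo.git"
  gem "rake"
GEMFILE

# Constructed sample: the same dependencies pinned to https.
AFTER = <<~'GEMFILE'
  source "https://rubygems.org"
  git_source(:github) { |repo| "https://github.com/#{repo}.git" }
  gem "rails", github: "rails/rails"
  gem "foo", git: "https://example.com/foo.git"
GEMFILE

if __FILE__ == $0
  audit_gemfile(BEFORE).each { |no, why| puts "Gemfile:#{no}: #{why}" }
  puts "after fix: #{audit_gemfile(AFTER).length} findings"
end
```
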