dunn
commented
7 years ago Package/dependency managers are an attack vector; npm is the most notable but it's possible to exploit gem as well: http://incolumitas.com/2016/06/08/typosquatting-package-managers/
So this makes us a bit less vulnerable.
gkellogg
The 'github' shortcut uses the insecure
git://protocol.