Joachim ViideIt's, uh, less than ideal that I'm allowed to claim a GitHub username like this.
You can create pretty convincing pull requests with something like this. Just sayin'.
Got this response from GitHub's vuln program: "Thanks for the submission! As noted on our website, typosquatting is out of scope and ineligible for reward under the GitHub bounty program." (https://bounty.github.com/ineligible#typosquatting)
Fair enough. But I wish something could be done, regardless of the reward.
alphakomet@jviide yea, especially since GitHub limits adding dependabot to teams granting direct push rights
Jared White (ResistanceNet β)@jviide oh dear. ohhh deearrr. π
Zalasur πΈπΊπ¦@jviide Holy shit.
AprazethImagine using one of the names of the slopmachines like this...
Even if the code is rubbish no one would notice (or check), and the majority would just merge it anyway as long as the tests succeeded.
Also, thanks for making me laugh out loud. And loathe Github even more.
EndlessMason@jviide
RIP your notifications, i guess
RIP your notifications, i guess
Marcel Waldvogel
fuzzyfuzzyfungus@jviide "Waiting for Badot"; a supply chain security tragicomedy...