Joachim ViideIt's, uh, less than ideal that I'm allowed to claim a GitHub username like this.
You can create pretty convincing pull requests with something like this. Just sayin'.
Got this response from GitHub's vuln program: "Thanks for the submission! As noted on our website, typosquatting is out of scope and ineligible for reward under the GitHub bounty program." (https://bounty.github.com/ineligible#typosquatting)
Fair enough. But I wish something could be done, regardless of the reward.
alphakomet@jviide yea, especially since GitHub limits adding dependabot to teams granting direct push rights