leblinux I came across an interesting security-related article and I wanted to share it with you. Read and enjoy! https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Padre Oh nice! Well played, well played. I was under the impression that you have to specify where each "private" repo is, or it won't work. At least that's what we faced with composer.
samer Good to see the researchers got awarded some decent bounties. The damages would have been significant to the companies affected (and plenty of them are).