Comment by osa1
3 months ago
> They do not force re-auth when issuing an access token with publish rights, which is probably how the attackers compromised the packages
I'm surprised by this. Yeah, GitHub definitely forces you to re-auth when accessing certain settings.
No comments yet
Contribute on Hacker News ↗