JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
After publicly touting pull request limits as a way to cut maintainer noise, GitHub is taking the same idea further with a new setting that lets repository admins restrict issue creation to ...