I just read an article on foojay - in info/advert for a tool that checks dependency updates for suspicious signs (https://foojay.io/today/this-dependency-update-looked-exactly-like-an-account-takeover/).
Initially, I thought, “that needs to be converted into a plugin”, and then I realised that there obviously already is one for dependency updates, so should this be something to be considered for adding to the versions plugin? What are people’s thoughts, and might this be something that a Google SoC participant might like to pick up? Later, Andy (lurker) The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th’ ann an Oilthigh Dhùn Èideann, clàraichte an Alba, àireamh clàraidh SC005336.
