alt Hacker News> published manually via a stolen npm access token with no OIDC binding and no gitHead
So this and litellm one would’ve been preventable by proper config of OIDC Trusted Publishers.
> published manually via a stolen npm access token with no OIDC binding and no gitHead
So this and litellm one would’ve been preventable by proper config of OIDC Trusted Publishers.