How does Go deal with typosquatting?
Since I'm spending more time fiddling with Go, I was interested in how Go would deal with a malicious package once reported.
The answer is https://pkg.go.dev/vuln/ -- this issue is the third one down.
GO-2025-3451
Affects: github.com/boltdb-go/bolt
Published: Feb 05, 2025
The issues are reported by the govulncheck tool, which I guess should be part of most Go-related CI pipelines.
The source repo (github.com/boltdb-go/bolt) has also been disabled so it doesn't work for "go get" module retrieval.
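
As an added example (not part of the original post, and not govulncheck's own code): a minimal Go check that reads an advisory in the OSV JSON shape the vulnerability database uses and flags any `go.mod` requirement whose module path matches it exactly, which is how a typosquat such as `boltdb-go/bolt` is told apart from `boltdb/bolt`. The advisory record and the `go.mod` are constructed samples; only the ID and module path come from the post, and `FlaggedModules` is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed record in the OSV shape; only the ID and module path are from the post.
const sampleOSV = `{"id":"GO-2025-3451","affected":[{"package":{"name":"github.com/boltdb-go/bolt","ecosystem":"Go"}}]}`

// Constructed go.mod for a hypothetical service; the flagged version is a placeholder.
const sampleGoMod = `module example.com/svc
require (
	github.com/boltdb/bolt v1.3.1
	github.com/boltdb-go/bolt v0.0.0 // indirect
)
`

type osvEntry struct {
	ID       string `json:"id"`
	Affected []struct {
		Package struct{ Name, Ecosystem string } `json:"package"`
	} `json:"affected"`
}

// FlaggedModules lists go.mod requirements whose path exactly matches a Go module in the advisory.
func FlaggedModules(goMod, osvJSON string) ([]string, error) {
	var e osvEntry
	if err := json.Unmarshal([]byte(osvJSON), &e); err != nil {
		return nil, err
	}
	bad := map[string]bool{}
	for _, a := range e.Affected {
		bad[a.Package.Ecosystem+":"+a.Package.Name] = true
	}
	var hits []string
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && bad["Go:"+f[0]] {
			hits = append(hits, fmt.Sprintf("%s@%s (%s)", f[0], f[1], e.ID))
		}
	}
	return hits, nil
}

func main() { fmt.Println(FlaggedModules(sampleGoMod, sampleOSV)) }
```

The match is on the full module path, so the legitimate `github.com/boltdb/bolt` line in the sample is not flagged.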