Are GitHub creds any harder for malware to steal than NPM creds? I don't see how... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Ajedi32 4 months ago \| parent \| context \| favorite \| on: Shai-Hulud Returns: Over 300 NPM Packages Infected Are GitHub creds any harder for malware to steal than NPM creds? I don't see how that helps at all.

bpavuk 4 months ago [–]

well, if you talk about private SSH keys for Git operations and SSH/GPG keys for signing, then you'd better set up a passphrase on them, which GitHub strongly recommends. the passphrase will make it significantly harder to use the keys. so, as usual, It Depends (c)

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact