Mitigating Install Time Supply Chain Attacks in Python

Several supply chain attacks, notably in the Python and JavaScript ecosystems, exploit install-time hooks to perform malicious activity [1][2]. Install-time hooks allow running arbitrary code before or after package installation. Because attacks that use install-time hooks do not require developers to actually use the package, they are an attractive method for attackers. The most common behaviour observed in known supply chain attacks is data exfiltration [1][2]. Common targets include SSH keys, passwords, dotfiles, environment variables etc....

June 15, 2023

Build a Generative MIDI sequencer in Go

Introduction Generative music is always fun and engaging, so I decided to build a simple MIDI sequencer to mess around. In this project, the sequencer sends a random note within a given octave every quarter bar (4/4). Because it’s so simple, the code provided will be very easy to extend as you please. See Bonus Setup project $ mkdir gen_seq $ cd gen_seq $ go mod init Sequencer $ touch main....

June 18, 2022