Malicious Go package removed from GitHub, but credential threat persistsscworld.com1 pointBender10 months ago