Demo: Server update hijack PoC (clean copy for video)
Clean copy for recording the exploit from step 1. Version: Start at 1.0.0, then 1.0.1 (no re-review). See STARTHERE.md for the exact commands to run in order.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Clean copy for recording the exploit from step 1. Version: Start at 1.0.0, then 1.0.1 (no re-review). See START_HERE.md for the exact commands to run in order.