Detecting malicious Unicode

5/21/2025
notes
The rising awareness of supply chain attacks highlights the value of investing in tools used by those at the root of these supply chains.
summary
Curl contributor James Fuller submitted a pull request to the project in which he replaced an ASCII letter with a Unicode alternative in a URL. This was an eye-opener, and the curl project decided to implement checks to detect malicious Unicode. They have added a CI job that scans all files and validates every UTF-8 sequence in the Git repository. GitHub has been notified of the issue and is working on a fix.
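
A minimal sketch of the kind of check the summary describes, added here as an example and not taken from curl's own CI job: it strictly decodes every tracked file as UTF-8 and reports any non-ASCII code point that is not on a reviewed allowlist. The `ALLOWED` set, the `--demo` flag and the sample bytes are assumptions made for illustration.

```python
import os
import subprocess
import sys
import unicodedata

# Assumption: non-ASCII characters this hypothetical project has reviewed and accepts.
ALLOWED = frozenset("\u00a9\u00e4\u00f6\u00e5\u00e9")

# Constructed sample: line 2 hides CYRILLIC SMALL LETTER A in a URL, line 3 is not valid UTF-8.
SAMPLE = b"plain ASCII\n" + "see https://ex\u0430mple.test/\n".encode() + b"bad \xc0\xaf\n"

def scan_bytes(data, allowed=ALLOWED):
    """Return (line, position, description) for every suspicious sequence in data."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), 1):
        try:
            text = raw.decode("utf-8")  # strict: rejects overlong, truncated, surrogate forms
        except UnicodeDecodeError as err:
            findings.append((lineno, err.start + 1, "invalid UTF-8 sequence"))  # byte offset
            continue
        for col, ch in enumerate(text, 1):
            if ord(ch) >= 0x80 and ch not in allowed:
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((lineno, col, f"U+{ord(ch):04X} {name}"))
    return findings

def scan_repo():
    """Scan every regular file tracked by git in the current directory; return finding count."""
    out = subprocess.run(["git", "ls-files", "-z"], capture_output=True, check=True).stdout
    total = 0
    for path in filter(None, out.split(b"\0")):
        if not os.path.isfile(path):  # skip submodule entries and missing files
            continue
        with open(path, "rb") as fh:
            for line, pos, what in scan_bytes(fh.read()):
                print(f"{path.decode(errors='replace')}:{line}:{pos}: {what}")
                total += 1
    return total

if __name__ == "__main__":
    if "--demo" in sys.argv:
        for finding in scan_bytes(SAMPLE):
            print(finding)
    else:
        sys.exit(1 if scan_repo() else 0)  # non-zero exit fails the CI job
```

Binary files tracked in the repository would be reported as invalid UTF-8, so a real job needs an exclusion list for them.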