NeoPG starts as an opiniated fork of GnuPG 2 to clean up the code and make it easier to develop.
We want to provide a stable and extensible API for application developers, too.
Eventually, we will add new ways to use OpenPGP that make it accessible and usable.
This attack on GnuPG signature verification is specific to yarn, the package manager. It can give a powerful attacker the ability to replace the Yarn installation with arbitrary code. There are additional protections in place, so if you are using Yarn, you probably do not need to worry too much about it.
This attack on GnuPG signature verification is specific to pass, the Simple Password Store. It can give the attacker access to passwords and remote code execution.
This is another attack to spoof digital signatures specific to Enigmail.