Hacker News
- Investigating a backdoored PyPI package targeting FastAPI applications https://securitylabs.datadoghq.com/articles/malicious-pypi-package-fastapi-toolkit/ 32 comments
- PyPI package 'secretslib' drops fileless Linux malware to mine Monero https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero 60 comments
- A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI https://arxiv.org/abs/2107.12699 25 comments
- What to do about GPU packages on PyPI? https://discuss.python.org/t/what-to-do-about-gpus-and-the-built-distributions-that-support-them/7125 106 comments
- The Many Layers of Packaging: Why PyPI Isn't an App Store http://sedimental.org/the_packaging_gradient.html 32 comments
- How are you ever going to manage Python Packages? PyPi and pip http://blog.adku.com/2011/08/pip-python-package-management.html 16 comments
- 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html 100 comments python
- SSH keys stolen by stream of malicious PyPI and npm packages https://www.bleepingcomputer.com/news/security/ssh-keys-stolen-by-stream-of-malicious-pypi-and-npm-packages/ 76 comments programming
- SSH keys stolen by stream of malicious PyPI and npm packages https://www.bleepingcomputer.com/news/security/ssh-keys-stolen-by-stream-of-malicious-pypi-and-npm-packages/ 14 comments webdev
- Native PyPI support in Pixi (conda package manager written in Rust) https://prefix.dev/blog/pypi_support_in_pixi 2 comments rust
- Native PyPI support in Pixi (conda package manager written in Rust) https://prefix.dev/blog/pypi_support_in_pixi 2 comments python
- Diving into PyPI package name squatting https://blog.orsinium.dev/posts/py/pypi-squatting/ 3 comments python
- A free public Conan package server with no gatekeeping, a la NPM, PyPI, or crates.io https://barbarian.bfgroup.xyz/create.html 10 comments cpp
- We scanned every NPM and PyPI package for malware with ChatGPT https://socket.dev/blog/introducing-socket-ai-chatgpt-powered-threat-analysis 24 comments netsec
- Packj sandbox for “safe installation” of PyPI packages https://github.com/ossillate-inc/packj/blob/main/sandbox/README.md 8 comments python
- PyPI packages hijacked after developers fall for phishing emails https://www.bleepingcomputer.com/news/security/pypi-packages-hijacked-after-developers-fall-for-phishing-emails/ 3 comments programming
- One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious https://www.darkreading.com/application-security/one-third-pypi-packages-mistakenly-flagged-malicious 3 comments python
- One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious https://www.darkreading.com/application-security/one-third-pypi-packages-mistakenly-flagged-malicious 3 comments programming
- Hundreds of PyPI and npm Packages Affected With Cryptominers https://techdator.net/pypi-npm-packages-cryptominers/ 88 comments python
- A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server. https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-aim-ddos-attacks-at-counter-strike-servers/ 81 comments programming
- 10 information-stealing packages found in the Python programming language repository, PyPI https://www.brytfmonline.com/10-information-stealing-packages-found-in-the-python-programming-language-repository-pypi/ 12 comments python
- PyPI package 'keep' mistakenly included a password stealer https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/ 67 comments programming
- CTX package on PyPI has been hacked https://old.reddit.com/r/Python/comments/uwhzkj/i_think_the_ctx_package_on_pypi_has_been_hacked/ 15 comments programming
- Introducing the Boto S3 Router Package on PyPI https://lakefs.io/introducing-the-boto-s3-router-package-on-pypi/ 2 comments python
- [P] open-source python library for making machine learning demos that runs in the browser or inside a jupyter notebook/google colab, package is available on PyPI https://gradio.app/ 4 comments machinelearning
- open-source python library for making a GUI that runs in the browser or inside a jupyter notebook (focus is for machine learning models but can work for other python apps as well), package is available on PyPI https://www.gradio.app/ 8 comments python
- 3 New Malicious Packages Found on PyPI https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2 46 comments python
- [Nix-shell] [Python] Install PyPI packages? https://search.nixos.org/packages?channel=21.05&from=0&size=50&sort=relevance&query=pypi 3 comments nixos
- Malicious PyPI Packages Stealing Credit Cards and Injecting Code https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ 23 comments programming
- Malicious PyPI Packages Stealing Credit Cards and Injecting Code - Technical Analysis https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ 24 comments netsec
- What to do about GPU packages on PyPI? https://discuss.python.org/t/what-to-do-about-gpus-and-the-built-distributions-that-support-them/7125 7 comments coding
- Hunting for Malicious Packages on PyPI https://jordan-wright.com/blog/post/2020-11-12-hunting-for-malicious-packages-on-pypi/ 8 comments netsec
- Published my first Python package to PyPI https://www.reddit.com/r/flask/comments/is5cpv/published_my_first_python_package_to_pypi/ 14 comments flask
- I am stupid proud of my first open source pypi package and needed someone to share it with https://www.reddit.com/r/learnprogramming/comments/crm4rb/i_am_stupid_proud_of_my_first_open_source_pypi/ 3 comments learnprogramming
- GreenWithEnvy (GWE) is changing package manager from PyPI to Flatpak https://www.reddit.com/r/linux_gaming/comments/amubox/greenwithenvy_gwe_is_changing_package_manager/ 10 comments linux_gaming
- The installation of a Python package from PyPi could have infected the machine of your Windows users with malware https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8 9 comments sysadmin
- PyPi compromised by fake software packages http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ 117 comments linux
- Taking over 17000 hosts by typosquatting package managers like PyPi or npmjs.com http://incolumitas.com/2016/06/08/typosquatting-package-managers/ 233 comments programming
- Taking over 17000 hosts by typosquatting package managers like PyPi or npmjs.com http://incolumitas.com/2016/06/08/typosquatting-package-managers/ 137 comments netsec
- Look up Ubuntu, Arch, FreeBSD, Homebrew, PyPI, RubyGems, etc. packages simultaneously http://labs.floatboth.com/pkglookup/ 5 comments programming