PyPI, the Python Package Index, began evaluating ways to reduce the amount of identifying information that it stores even before the US Justice Department came asking for data on suspect users. But ...
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...
A limited number of usage scenarios is supported, including the PyPA guide example. See the non-goals for more detail. Trusted publishing cannot be used from within a reusable workflow at this time.
Python Package Index (PyPI) maintainers have temporarily suspended user sign-ups and package uploads due to an ongoing attack. This decision seems to be due to a recent surge of newly created rogue ...
This repository is a GitHub page used as a PyPI index, conforming to PEP 503. You can use it to group all your packages in one place and access them easily through pip, almost like any other package ...
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The ...
A widely used PyPI package was recently compromised through a malicious update. The attack leveraged a GitHub Actions workflow to push infostealer code into a release. Maintainers quickly issued a clean ...
This article was originally published at https://jduabe.dev/posts/2021/pypi-publish/ and is licensed under Creative Commons SA-BY 4.0. Update (2024-03-08): Bump ...
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on ...