sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

#pypi

7 posts · 7 participants · 0 posts today
yossarian (1.3.6.1.4.1.55738)<p>this is pretty crazy to me: nearly 1 out of every 15 files *ever* uploaded to PyPI was published with Trusted Publishing, which we only enabled just over 2 years ago!</p><p>that points to both incredible growth in Python's packaging numbers and really remarkable adoption of Trusted Publishing, probably in a large part because of how we were able to make it the default in GitHub Actions.</p><p>(currently 984K files published with TP, out of approximately 15M uploaded over all time.)</p><p><a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://infosec.exchange/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> now blocks domain resurrection attacks used for hijacking accounts</p><p><a href="https://www.bleepingcomputer.com/news/security/pypi-now-blocks-domain-resurrection-attacks-used-for-hijacking-accounts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/pypi-now-blocks-domain-resurrection-attacks-used-for-hijacking-accounts/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Gea-Suan Lin<p><a href="https://blog.gslin.org/archives/2025/08/20/12585/pypi-%e6%9c%80%e8%bf%91%e7%99%bc%e8%a1%a8%e7%9a%84%e4%bf%9d%e8%ad%b7%e6%a9%9f%e5%88%b6-%e9%98%b2%e6%ad%a2-domain-resurrection-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.gslin.org/archives/2025/0</span><span class="invisible">8/20/12585/pypi-%e6%9c%80%e8%bf%91%e7%99%bc%e8%a1%a8%e7%9a%84%e4%bf%9d%e8%ad%b7%e6%a9%9f%e5%88%b6-%e9%98%b2%e6%ad%a2-domain-resurrection-attack/</span></a></p><p>PyPI's recently announced protection mechanism (preventing Domain Resurrection Attack)</p><p><a href="https://abpe.org/tags/account" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>account</span></a> <a href="https://abpe.org/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://abpe.org/tags/cctld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cctld</span></a> <a href="https://abpe.org/tags/domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>domain</span></a> <a href="https://abpe.org/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>email</span></a> <a href="https://abpe.org/tags/gtld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gtld</span></a> <a href="https://abpe.org/tags/mail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mail</span></a> <a href="https://abpe.org/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a> <a href="https://abpe.org/tags/rdap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rdap</span></a> <a href="https://abpe.org/tags/recovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>recovery</span></a> <a href="https://abpe.org/tags/resurrection" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>resurrection</span></a> <a href="https://abpe.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://abpe.org/tags/tld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tld</span></a> <a href="https://abpe.org/tags/whois" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>whois</span></a></p>
Hacker News<p>PyPI Preventing Domain Resurrection Attacks</p><p><a href="https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pypi.org/posts/2025-08-18</span><span class="invisible">-preventing-domain-resurrections/</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> <a href="https://mastodon.social/tags/DomainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainSecurity</span></a> <a href="https://mastodon.social/tags/DomainResurrection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainResurrection</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/PythonCommunity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PythonCommunity</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></p>
Python Package Index<p>PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over <a href="https://fosstodon.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> accounts through password resets. <a href="https://fosstodon.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChain</span></a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a><br><a href="https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pypi.org/posts/2025-08-18</span><span class="invisible">-preventing-domain-resurrections/</span></a></p>
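<p>The check the post describes, as an added example (my code, not PyPI's implementation): decide whether an account's verified email address can still be trusted for password resets, based on the registration state of its domain. The RDAP-style records, the email addresses, and the "now" timestamp are constructed for illustration; a real job would query the registry's RDAP service on a schedule, and the exact statuses PyPI acts on are an assumption here.</p>

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# EPP/RDAP status values meaning the registration is lapsing: once a domain
# reaches these, it can drop and be re-registered by anyone.
LAPSING_STATUSES = {"redemption period", "pending delete", "pending restore"}

# Constructed stand-ins for RDAP domain lookups (not real registry data).
# A domain missing from this dict models an RDAP 404: not registered at all.
SAMPLE_RDAP = {
    "example.org": {
        "status": ["client transfer prohibited"],
        "events": [{"eventAction": "expiration", "eventDate": "2030-01-01T00:00:00Z"}],
    },
    "lapsed.example": {
        "status": ["redemption period"],
        "events": [{"eventAction": "expiration", "eventDate": "2025-06-01T00:00:00Z"}],
    },
    "stale.example": {
        "status": ["active"],
        "events": [{"eventAction": "expiration", "eventDate": "2025-07-15T00:00:00Z"}],
    },
    "opaque.example": {"status": ["active"], "events": []},  # registry publishes no expiry
}
SAMPLE_NOW = datetime(2025, 8, 20, tzinfo=timezone.utc)  # constructed reference time


@dataclass(frozen=True)
class DomainState:
    registered: bool
    statuses: frozenset
    expires: Optional[datetime]


def parse_rdap(doc: Optional[dict]) -> DomainState:
    """Reduce an RDAP domain object to the fields the check needs."""
    if doc is None:
        return DomainState(registered=False, statuses=frozenset(), expires=None)
    statuses = frozenset(s.lower() for s in doc.get("status", []))
    expires = None
    for event in doc.get("events", []):
        if event.get("eventAction") == "expiration":
            # RDAP dates are RFC 3339; fromisoformat() wants the offset spelled out.
            expires = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return DomainState(registered=True, statuses=statuses, expires=expires)


def resurrectable(state: DomainState, now: datetime) -> bool:
    """True when someone other than the original owner could (re)register the domain."""
    if not state.registered:
        return True
    if state.statuses & LAPSING_STATUSES:
        return True
    return state.expires is not None and state.expires <= now


def classify_email(email: str, rdap: dict, now: datetime) -> str:
    """'unverify': stop sending password resets here until the user re-verifies.
    'keep': domain is registered and not due to lapse.
    'unknown': registered, but the registry gives no expiry; needs a human look."""
    domain = email.rsplit("@", 1)[-1].lower().rstrip(".")
    state = parse_rdap(rdap.get(domain))
    if resurrectable(state, now):
        return "unverify"
    if state.expires is None:
        return "unknown"
    return "keep"


def audit(emails, rdap=SAMPLE_RDAP, now=SAMPLE_NOW) -> dict:
    """Run the check over a batch of account addresses (the scheduled-job shape)."""
    return {e: classify_email(e, rdap, now) for e in emails}


if __name__ == "__main__":
    batch = ["dev@example.org", "dev@lapsed.example", "dev@stale.example",
             "dev@opaque.example", "dev@unregistered.example"]
    for email, verdict in audit(batch).items():
        print(f"{email:32} {verdict}")
```

<p>The important design choice is failing closed on the cases that matter (unregistered, lapsing, or past expiry all become "unverify") while not silently locking out users whose registry publishes no expiry date; those go to a review queue instead. Unverifying the address is what actually breaks the attack: a password reset is only useful to the attacker if PyPI is still willing to send it to the resurrected domain.</p>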
Sam Stepanyan :verified: 🐘<p>New supply-chain attacks hit open-source repos:<br><a href="https://infosec.exchange/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>: termncolor &amp; colorinal delivered multi-stage malware with Windows &amp; Linux backdoors.</p><p><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a>: packages redux-ace,rtk-logger posed as dev tools &amp; job tests, stealing iCloud Keychain, browser data, wallets:<br> <a href="https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/08/mali</span><span class="invisible">cious-pypi-and-npm-packages.html</span></a></p>
SnackTraces<p>I have done it, posted my first app to test PyPI.</p><p><a href="https://test.pypi.org/project/stdiceroller/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">test.pypi.org/project/stdicero</span><span class="invisible">ller/</span></a></p><p>Try if you are interested. And any feedback, especially on the test PyPI package entry, is welcome and appreciated!</p><p><a href="https://hachyderm.io/@snacktraces/115045389951794135" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hachyderm.io/@snacktraces/1150</span><span class="invisible">45389951794135</span></a></p><p><a href="https://hachyderm.io/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://hachyderm.io/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a></p>
yossarian (1.3.6.1.4.1.55738)<p>super excited to have this land: you can now pull project status markers (PEP 792) from PyPI's APIs!</p><p><a href="https://blog.pypi.org/posts/2025-08-14-project-status-markers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pypi.org/posts/2025-08-14</span><span class="invisible">-project-status-markers/</span></a></p><p><a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://infosec.exchange/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a></p>
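<p>What a client can do with those markers, as an added example (not PyPI's or pip's code): read the PEP 792 status from a PEP 691 JSON project page and turn it into an install decision. The field names used here ("project-status" with "status" and "reason") and the four status values are my reading of PEP 792 and should be checked against the PEP; the index responses are constructed, not fetched.</p>

```python
from __future__ import annotations

import json
from typing import Optional

# Status values defined by PEP 792 (assumed spelling; confirm against the PEP).
KNOWN_STATUSES = {"active", "archived", "quarantined", "deprecated"}

# Constructed PEP 691-style project detail responses, abbreviated to the keys used here.
SAMPLE_INDEX = {
    "goodlib": json.dumps({"name": "goodlib", "versions": ["1.0"], "files": [],
                           "project-status": {"status": "active"}}),
    "oldlib": json.dumps({"name": "oldlib", "versions": ["2.3"], "files": [],
                          "project-status": {"status": "archived",
                                             "reason": "Superseded by newlib"}}),
    "badlib": json.dumps({"name": "badlib", "versions": [], "files": [],
                          "project-status": {"status": "quarantined",
                                             "reason": "Reported as malware"}}),
    # An index that predates the marker: no project-status key at all.
    "legacylib": json.dumps({"name": "legacylib", "versions": ["0.1"], "files": []}),
    # A status value this client has never seen (a future PEP, or a typo upstream).
    "weirdlib": json.dumps({"name": "weirdlib", "versions": ["0.9"], "files": [],
                            "project-status": {"status": "frozen"}}),
}


def project_status(doc: dict) -> tuple[str, Optional[str]]:
    """Return (status, reason). A missing or malformed marker yields ('absent', None)."""
    marker = doc.get("project-status")
    if not isinstance(marker, dict):
        return ("absent", None)
    return (str(marker.get("status", "absent")), marker.get("reason"))


def decide(status: str, allow_archived: bool = False) -> str:
    """Map a status to an install decision. Anything that is not a known,
    healthy status makes the client warn rather than silently proceed."""
    if status not in KNOWN_STATUSES:
        return "warn"            # absent marker or unrecognised value
    if status == "quarantined":
        return "block"
    if status == "active":
        return "install"
    if status == "archived" and allow_archived:
        return "install"
    return "warn"                # archived (by default) or deprecated


def check_index(index: dict, names, allow_archived: bool = False) -> dict:
    """For each project, look up its detail page and return (decision, status, reason)."""
    results = {}
    for name in names:
        raw = index.get(name)
        if raw is None:
            results[name] = ("block", "missing", None)   # nothing to install anyway
            continue
        status, reason = project_status(json.loads(raw))
        results[name] = (decide(status, allow_archived), status, reason)
    return results


if __name__ == "__main__":
    for name, (decision, status, reason) in check_index(SAMPLE_INDEX, SAMPLE_INDEX).items():
        print(f"{name:10} {decision:8} {status:12} {reason or ''}")
```

<p>Two edge cases are worth the extra lines: an index that simply does not emit the marker, and a status value the client does not recognise. Treating either as "active" would quietly reintroduce the problem the markers exist to solve, so both get a warning instead.</p>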
Thomas Fricke (he/his)<p>How it's going in <a href="https://23.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a></p><p>UNMASKING PHANTOM<br>DEPENDENCIES<br>WITH SOFTWARE<br>BILL-OF-MATERIALS<br>AS ECOSYSTEM-NEUTRAL<br>METADATA</p><p><a href="https://alpha-omega.dev/wp-content/uploads/sites/22/2025/08/Python-White-Paper-for-AO-3.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">alpha-omega.dev/wp-content/upl</span><span class="invisible">oads/sites/22/2025/08/Python-White-Paper-for-AO-3.pdf</span></a></p><p>First noticed that there were dependency issues in the interview with the <a href="https://23.social/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a> maintainer in 2021</p><p><a href="https://thomasfricke.de/pages/fossec/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">thomasfricke.de/pages/fossec/</span><span class="invisible"></span></a></p><p>Copied the numbers from <span class="h-card" translate="no"><a href="https://social.lfx.dev/@openssf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>openssf</span></a></span> to kick off the <span class="h-card" translate="no"><a href="https://mastodon.social/@sovtechfund" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sovtechfund</span></a></span> </p><p>This evolved nicely in the last years</p>
Some Bits: Nelson's Linkblog<p>pyx for Python: Company is starting a commercial package repository as an alternative to PyPI<br><a href="https://simonwillison.net/2025/Aug/13/pyx/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">simonwillison.net/2025/Aug/13/</span><span class="invisible">pyx/</span></a><br> <a href="https://tech.lgbt/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://tech.lgbt/tags/astral" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>astral</span></a> <a href="https://tech.lgbt/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a> <a href="https://tech.lgbt/tags/pyx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pyx</span></a> <a href="https://tech.lgbt/tags/vc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vc</span></a> <a href="https://tech.lgbt/tags/uv" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>uv</span></a></p>
R.L. Dane :Debian: :OpenBSD: 🍵 :MiraLovesYou:<p><span class="h-card"><a href="https://fosstodon.org/@graves501" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>graves501</span></a></span></p><p>pipx makes stuff like that <em>mostly</em> painless, in my experience. As long as what you're looking for is registered on <a href="https://polymaths.social/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>.</p>
Mike Fiedler, Code Gardener<p>Incident Report of the recent <a href="https://hachyderm.io/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> Phishing Campaign</p><p>TL,DR:<br>• PyPI was not breached<br>• PyPI users were targeted with phishing emails<br>• A single project saw uploads with malicious code and those releases have been removed</p><p><a href="https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pypi.org/posts/2025-07-31</span><span class="invisible">-incident-report-phishing-attack/</span></a></p><p><a href="https://hachyderm.io/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://hachyderm.io/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://hachyderm.io/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a></p>
The New Oil<p>Hackers target <a href="https://mastodon.thenewoil.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> devs in <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> attacks using fake <a href="https://mastodon.thenewoil.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> site</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Andrii Kuznietsov<p>🥷 The Python Software Foundation has warned developers that hackers are trying to steal their credentials through phishing attacks using a fake Python Package Index (<a href="https://social.kyiv.dcomm.net.ua/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>) website. </p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/</span></a></p>
⚯ Michel de Cryptadamus ⚯<p>Just released version 1.16.8 of The Pdfalyzer with a bunch of new and updated <a href="https://universeodon.com/tags/YARA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YARA</span></a> rules to scan <a href="https://universeodon.com/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PDF</span></a> files for malicious content. Links in the quoted toot below.</p><p><a href="https://universeodon.com/@cryptadamist/114768170683991686" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">universeodon.com/@cryptadamist</span><span class="invisible">/114768170683991686</span></a></p><p><a href="https://universeodon.com/tags/ascii" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ascii</span></a> <a href="https://universeodon.com/tags/asciiArt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>asciiArt</span></a> <a href="https://universeodon.com/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://universeodon.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://universeodon.com/tags/detectionEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>detectionEngineering</span></a> <a href="https://universeodon.com/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://universeodon.com/tags/forensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forensics</span></a> <a href="https://universeodon.com/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://universeodon.com/tags/hacking" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>hacking</span></a> <a href="https://universeodon.com/tags/homebrew" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homebrew</span></a> <a href="https://universeodon.com/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://universeodon.com/tags/KaliLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaliLinux</span></a> <a href="https://universeodon.com/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://universeodon.com/tags/malwareDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareDetection</span></a> <a href="https://universeodon.com/tags/malwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareAnalysis</span></a> <a href="https://universeodon.com/tags/openSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSource</span></a> <a href="https://universeodon.com/tags/pdf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pdf</span></a> <a href="https://universeodon.com/tags/pdfs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pdfs</span></a> <a href="https://universeodon.com/tags/pdfalyzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pdfalyzer</span></a> <a href="https://universeodon.com/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a> <a href="https://universeodon.com/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://universeodon.com/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://universeodon.com/tags/reverseEngineering" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>reverseEngineering</span></a> <a href="https://universeodon.com/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reversing</span></a> <a href="https://universeodon.com/tags/Threatassessment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Threatassessment</span></a> <a href="https://universeodon.com/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threathunting</span></a> <a href="https://universeodon.com/tags/yaralyze" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yaralyze</span></a> <a href="https://universeodon.com/tags/yaralyzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yaralyzer</span></a> <a href="https://universeodon.com/tags/YARA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YARA</span></a> <a href="https://universeodon.com/tags/YARArule" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YARArule</span></a> <a href="https://universeodon.com/tags/YARArules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YARArules</span></a></p>
Python Rennes<p><a href="https://social.breizhcamp.org/tags/cybers%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersécurité</span></a> <a href="https://social.breizhcamp.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <span class="h-card" translate="no"><a href="https://fosstodon.org/@pypi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>pypi</span></a></span><br>A phishing attack is underway to steal the login credentials of people who have packages on <a href="https://social.breizhcamp.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a>. The emails are sent with a small, easy-to-miss typo in the sender's email address: noreply@pypj.org (pypi -&gt; pypj). Note that the platform itself was not attacked.</p><p>- <a href="https://blog.pypi.org/posts/2025-07-28-pypi-phishing-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pypi.org/posts/2025-07-28</span><span class="invisible">-pypi-phishing-attack/</span></a><br>- <a href="https://fosstodon.org/@ThePSF/114931492211259669" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fosstodon.org/@ThePSF/11493149</span><span class="invisible">2211259669</span></a></p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Popular Python package <code>num2words</code> v0.5.15 was flagged as compromised after being published without a GitHub tag. Linked to the "Scavenger" threat actor, it was quickly removed from PyPI. Projects using automated tools may have already pulled the malicious version. Check and downgrade if needed. </p><p><a href="https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">stepsecurity.io/blog/supply-ch</span><span class="invisible">ain-security-alert-num2words-pypi-package-shows-signs-of-compromise</span></a></p><p><a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://infosec.exchange/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
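<p>The signal in that post (a release on PyPI with no matching tag in the upstream repository) is easy to automate. The following is an added example of my own, not StepSecurity's tooling: cross-reference the version list a project publishes with the tags its repository carries, flag releases that have no tag, and work out the newest tagged release to pin back to. The release list, tag list, and installed version are constructed; a real run would take the release keys from PyPI's JSON API and the tags from <code>git tag</code>. A missing tag is a heuristic, not proof of compromise, since plenty of honest projects never tag at all.</p>

```python
from __future__ import annotations

import re
from typing import Optional

# Constructed data standing in for the PyPI JSON API's "releases" keys and for
# `git tag` output of the upstream repository. The gap is deliberate: no tag for 0.5.15.
PROJECT = "num2words"
SAMPLE_RELEASES = ["0.5.12", "0.5.13", "0.5.14", "0.5.15"]
SAMPLE_TAGS = ["v0.5.12", "v0.5.13", "v0.5.14"]


def normalize_tag(tag: str, project: str) -> str:
    """Strip the prefixes projects commonly put in front of a version in a tag name."""
    t = tag.strip()
    for prefix in (f"{project}-", f"{project}_", "release-", "v", "V"):
        if t.startswith(prefix):
            t = t[len(prefix):]
    return t


def version_key(version: str) -> tuple:
    """Crude numeric sort key; enough for plain X.Y.Z. Use packaging.version on real data."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-+]", version))


def untagged_releases(releases, tags, project: str) -> list:
    """Releases on the index that no repository tag accounts for."""
    tagged = {normalize_tag(t, project) for t in tags}
    return [v for v in releases if v not in tagged]


def assess(installed: str, releases, tags, project: str) -> dict:
    """Say whether the installed version is one of the untagged releases and,
    if so, which older tagged release is the nearest safe pin."""
    suspicious = untagged_releases(releases, tags, project)
    affected = installed in suspicious
    pin_to: Optional[str] = None
    if affected:
        candidates = [v for v in releases
                      if v not in suspicious and version_key(v) < version_key(installed)]
        pin_to = max(candidates, key=version_key) if candidates else None
    return {"suspicious": suspicious, "affected": affected, "pin_to": pin_to}


if __name__ == "__main__":
    report = assess("0.5.15", SAMPLE_RELEASES, SAMPLE_TAGS, PROJECT)
    print(f"untagged releases: {report['suspicious']}")
    if report["affected"]:
        print(f"installed version is untagged; pin to {report['pin_to']}")
```

<p>The installed version in a real check comes from <code>importlib.metadata.version(PROJECT)</code> or from the lock file; the point of returning a structured result rather than printing is so the same function can run in CI and fail the build.</p>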
Matthew Martin<p>Okay, someone already implemented my idea (independently) to check npm packages for vulnerabilities before installation.</p><p>Now someone needs to make the <a href="https://mastodon.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> version so you can see if a package is dodgy before you install it from <a href="https://mastodon.social/tags/pypi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pypi</span></a> </p><p><a href="https://github.com/lirantal/npq" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/lirantal/npq</span><span class="invisible"></span></a></p>
Seth Larson<p>🚨 Be aware there's a potential phishing campaign likely targeting <a href="https://mastodon.social/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> / <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> package maintainers:</p><p><a href="https://discuss.python.org/t/phishing-attack/100267" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">discuss.python.org/t/phishing-</span><span class="invisible">attack/100267</span></a></p>
bignose<p>I just received a <a href="https://fosstodon.org/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a> email from a <a href="https://fosstodon.org/tags/TypoSquatter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TypoSquatter</span></a>. Sender: noreply@pypj.org</p><p>They're hoping I don't notice the typo for <a href="https://fosstodon.org/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> (the <a href="https://fosstodon.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> package index), and asking me to “follow this link to verify your email address”.</p><p>Don't follow the link, just mark the message as spam and delete it.</p><p>Be careful out there.</p>
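<p>The two posts above about the <code>noreply@pypj.org</code> sender describe exactly the kind of lookalike a mail filter can catch mechanically. Here is an added example of such a check (my code, not anything PyPI or the PSF ships): parse the <code>From:</code> header, treat mail from the real domains as trusted, and flag senders that are one edit away from them, that hide a real domain in front of an unrelated one, that swap digits for letters, or that only claim the real domain in the display name. The protected domain list, the confusables table, and the sample headers are constructed assumptions.</p>

```python
from __future__ import annotations

import unicodedata
from email.utils import parseaddr

# Domains we expect account mail from (assumed list; tune per organisation).
PROTECTED = ("pypi.org", "python.org")

# Digit-for-letter swaps common in lookalike domains. Illustrative only: Unicode
# homoglyphs (Cyrillic letters and the like) need a full confusables table (UTS #39).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; domains are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Normalise the string the way an eye would read it."""
    return unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)


def registrable(domain: str) -> str:
    """Last two labels. A real filter should consult the public suffix list."""
    return ".".join(domain.split(".")[-2:])


def classify_sender(from_header: str, protected=PROTECTED) -> tuple:
    """Return (verdict, matched_protected_domain) for a From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("reject", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")

    for p in protected:
        if domain == p or domain.endswith("." + p):
            return ("trusted", p)   # only meaningful if SPF/DKIM/DMARC also passed

    for p in protected:
        if p in display.lower():                                 # display name claims to be us
            return ("lookalike", p)
        if domain.startswith(p + "."):                           # pypi.org.evil.example
            return ("lookalike", p)
        if levenshtein(skeleton(registrable(domain)), p) <= 1:   # pypj.org, pypi.0rg
            return ("lookalike", p)
    return ("unrelated", "")


if __name__ == "__main__":
    # Constructed sample From: headers, one per case the filter handles.
    for header in ["PyPI <noreply@pypj.org>",
                   "noreply@pypi.org",
                   "PyPI <noreply@pypi.org.verify-account.example>",
                   "noreply@pypi.0rg",
                   '"noreply@pypi.org" <alerts@evil.example>',
                   "GitHub <noreply@github.com>"]:
        print(f"{header:50} -> {classify_sender(header)}")
```

<p>"Trusted" here only means the header claims a real domain; the header is attacker-controlled text, so the verdict should be combined with the <code>Authentication-Results</code> header (SPF/DKIM/DMARC) before anything relies on it. The edit-distance threshold of one is deliberately tight: it catches <code>pypj.org</code> without flagging every short domain on the internet.</p>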