The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a backdoor due to the presence of a malicious 'request' dependency within some versions. For example, while most versions of ...
Just a week after 10 malicious software packages were found nesting in the Python Package Index (PyPI) repository, several more have come to light, uncovered by different firms. It's becoming a bit of ...
Modern Python developers use virtual environments (venvs) to keep their projects and dependencies separate. Managing project dependencies gets more complex as the number of dependencies grows.