GitHub

Example PyPI (Python Package Index) Package & Tutorial / Instruction / Workflow for 2021

This is an example PyPI (Python Package Index) package set up with automated tests and package publishing workflow using GitHub Actions CI/CD. It is made primarily for GitHub + VS Code (Windows / Mac ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
GitHub

Scan PyPI for typosquatting

Check if there are potential typosquatters on a package you care about. Check if there are potential typosquatters on the most downloaded PyPI packages. Check if packages newly added to PyPI are ...
The Hacker News

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
theregister

About half of Python libraries in PyPI may have security issues, boffins say

Boffins in Finland have scanned the open-source software libraries in the Python Package Index, better known as PyPI, for security issues and said they found that nearly half contain problematic or ...