Busy working on important refactoring and bug-fixes for SuricataLog. It's been a while and the project needs some love.
So far the changes are looking good.
#python #pypi #suricata #suricatalog
"Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers"
https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/
#rubygems #npm #pypi #security #supplychain
Sad to see PGP support removed from #pypi; apparently not many other people were using it. :-( https://blog.pypi.org/posts/2023-05-23-removing-pgp/
So I've got two #python programs I'm interested in packaging for #pypi:
* [The suite of tools I made for 3D-printing experiments as part of my BSc thesis](https://gitlab.com/papiris/motion-estimation)
* [The predator detection and alert system I'm currently working on](https://gitlab.com/papiris/predator-detect-and-notify)
There are hurdles in my mind keeping me from reworking and publishing. :blobfoxgooglyconfused:
Can someone tell me what needs to be done, and tell me to go do it?
Thanks!
#python #pypi #software #dev #adhd #mindhack #accountability
So cool, first person to report a serious bug on SuricataLog! Reproduced the bug, fixed it and uploaded to PyPI:
"North Korean Hackers Deploy New Malicious #Python Packages in #PyPI Repository": The Hacker News
"Three malicious Python packages were discovered in the Package Index (PyPI) repository, showing signs of involvement by the North Korean state-sponsored threat actor behind #VMConnect.
The findings by ReversingLabs identified the packages tablediter, request-plus, and requestspro."
https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html
#python #pypi #vmconnect #prattohome #thehackernews
True, it's sh**. Similar problem as with #PyPi too. But in general you should take a look at what modules you download and do a bit of research (in my opinion).
Exciting news from #GitHub on integration with #PyPI secrets scanning
https://blog.pypi.org/posts/2023-08-17-github-token-scanning-for-public-repos/
#github #pypi #security #opensource
Headline: Cloudflare being exploited for malicious activity
Article: Actual vulnerability is caused by a lack of moderation of third party Python packages
https://www.techradar.com/pro/cloudflare-tunnels-are-being-used-to-breach-networks
#cloudflare #python #pypi #pip #programming
@pypi now requires #2FA for new user registrations in order to publish or create new projects. This is part of a broader effort to require 2FA for all users of #PyPI by the end of 2023.
https://blog.pypi.org/posts/2023-08-08-2fa-enforcement-for-new-users/
#2fa #pypi #python #security #opensource
New Blog:
PyPI Requires 2FA for New User Registrations
https://blog.pypi.org/posts/2023-08-08-2fa-enforcement-for-new-users/
I was able to detect this by seeing a large increase in downloads on https://pepy.tech/project/truststore?versions=%2A (thanks @psincraian!) 📈
Then using my #PyPI dependency dataset I could query for dependent packages: https://github.com/sethmlarson/pypi-data
"Fake #VMware #vConnector package on #PyPI targets IT professionals": BLEEPINGCOMPUTER
"A malicious package mimicking the VMware vSphere connector module 'vConnector' was uploaded to the Python Package Index (PyPI) under the name ' #VMConnect ', targeting IT professionals.
VMware vSphere is a suite of virtualization tools, and vConnector is an interface Python module used by developers and system administrators, downloaded roughly 40,000 times per month via PyPI."
#pypi #vmware #vconnector #vmconnect #prattohome #bleepingcomputer
I'm not sure about your feelings, but when I develop a small package and push it to #pypi I get a bit anxious about criticism and people judging my initial work. The reality, however, is somewhat more disheartening: no one really cares. 😅 Nonetheless, I've published a new package: cff2pages. Here it is: https://pypi.org/project/cff2pages/ #opensource #openscience #rse
Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign https://www.developer-tech.com/news/2023/aug/04/malicious-pypi-package-ongoing-paperpin-campaign/ #pypi #python #coding #programming #cybersecurity #hacking #infosec #news #tech #technology
#uwsgi 2.0.22 is out and available for #python on #pypi with a bunch of fixes, a new graceful-harakiri functionality to let workers flush any eventual buffer before getting shut down (e.g. metrics, tracing) and recent ruby support. Full changelog here https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html
I ran into a #langchain bug that was just fixed yesterday. And the fix was already released on #pypi 😍 Who are these people?
(Yes, this should be standard practice, but it's not)