Posts Tagged: pypi
-
Detecting Malicious PyPI Packages: Typosquatting Attacks on requests, urllib3, and pillow
Detect typosquatting PyPI packages that mimic requests, urllib3, and pillow by checking for low download counts, suspicious uploaders, and few released versions. A Python supply-chain security script queries the PyPI API and download stats and flags risky packages. Actionable audit steps and CI integration to help prevent supply-chain attacks.
-
How to Verify PGP Signatures for Python Packages Downloaded with pip
Verify PGP signatures for Python packages installed with pip: use GPG to check PyPI .asc files for cryptography and requests wheels. A manual supply-chain security check that goes beyond pip's hash verification. Step-by-step gpg --verify guide, key import, and troubleshooting for PyPI package signature verification in 2026.
-
Poetry audit vs pip-audit vs safety: PyPI Vulnerability Coverage Comparison
We compare poetry audit, pip-audit, and safety CLI across vulnerability detection coverage, speed, data sources, output formats, and CI integration. Benchmarks on Flask, Django, and FastAPI projects reveal trade-offs for different workflows.
-
Securing Your Python Supply Chain: Scanning poetry.lock for Compromised Maintainers
A script to check poetry.lock files for packages maintained by known compromised PyPI accounts. Queries PyPI API and cross-references a curated list; suitable for CI/CD integration.