Posts Tagged: supply-chain
-
Detecting Malicious PyPI Packages: Typosquatting Attacks on requests, urllib3, and pillow
Detect typosquatting PyPI packages mimicking requests urllib3 pillow: low downloads, suspicious uploaders, few versions. Python supply chain security script queries PyPI API/stats, flags risks. Prevent supply-chain attacks – actionable audit steps, CI integration.
-
How to Verify PGP Signatures for Python Packages Downloaded with pip
Verify PGP signatures Python packages pip: GPG check PyPI .asc files for cryptography requests wheels. Manual supply chain security beyond pip hashes. Step-by-step gpg --verify guide, key import, troubleshooting. PyPI package signature verification 2026.