#pypi

Official SDKs for 12 Platforms: Domain-Bound Software Licensing Made Easy

🖼️

0

Official SDKs for 12 Platforms: Domain-Bound Software Licensing Made Easy

DEV Community·Traffic Orchestrator·18 days ago

#C3VpQ4XN

#saas #licensing #api #devtools #traffic #orchestrator

Traffic Orchestrator now offers official SDKs for 12 platforms including Node.js, Python, Rust, Go, and more.

15s

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

🖼️

0

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

DEV Community·Teruo Kunihiro·20 days ago

#nuInJIyz

#pypi #comment #security #npm #tanstack #github

How the TanStack npm compromise fits into the broader Mini Shai-Hulud campaign across npm, PyPI, GitHub Actions, IDE hooks, and CI/CD secrets.

15s

🖼️

0

Beta Users for Agent Governance Runtime

DEV Community·Anant·22 days ago

#Gfu7bFMe

#agents #ai #python #showdev #pypi #cerone

Hey folks! I'm looking for beta users to try out Cerone — an AI Agent governance runtime. It helps...

15s

I scored the top packages in npm, PyPI, Cargo, and Go. One vulnerability pattern dominates three of them.

🖼️

0

I scored the top packages in npm, PyPI, Cargo, and Go. One vulnerability pattern dominates three of them.

DEV Community·Pico·23 days ago

#JlJYyxuT

#npm #security #supplychain #audit #cargo #proof

Same tool, same methodology, four ecosystems. 5.2 billion weekly downloads across npm, PyPI, and Cargo share a single structural weakness. Go doesn't have it.

15s

Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks

🖼️

0

Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks

DEV Community·Juan Torchia·24 days ago

#JTMT416z

#supply #npm #pypi #packages #package #install

I ran supply chain attack simulations on npm and PyPI separately. When I put them side by side, the pattern that emerged made me uncomfortable: the ecosystem everyone watches isn't the most vulnerable one. Here's the cross-meta-analysis with real numbers.

15s

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

🖼️

0

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

DEV Community·Mark0·26 days ago

#XhyXDD9g

#cybersecurity #infosec #malware #pypi #packages #middle

⚠️ Region Alert: UAE/Middle East Security researchers have identified a sophisticated supply chain...

15s

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

🖼️

0

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

DEV Community·Dwayne McDaniel·27 days ago

#63WKYhHr

#campaign #security #cybersecurity #opensource #three #secrets

From Dev.to - security: No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

15s

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

🖼️

0

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

DEV Community·Pico·29 days ago

#La0bAn2k

#python #security #supplychain #publisher #critical #pypi

I audited the top Python packages for supply chain risk. The results are different from npm — and in some ways scarier.

15s

Malware in PyTorch Lightning: I Simulated the Same Supply Chain Attack Vector on My ML Dependencies in Production

🖼️

0

Malware in PyTorch Lightning: I Simulated the Same Supply Chain Attack Vector on My ML Dependencies in Production

DEV Community·Juan Torchia·about 1 month ago

#nfx48QjX

#devops #produccion #pypi #install #hashes #production

The Python ML ecosystem has a structural problem that Node and Rust solved years ago: the transitive dependency chain of a single ML library can exceed 200 entries, most without verifiable cryptographic signatures.…

15s

EGA: Runtime Enforcement for LLM Outputs (v1.0.0)

🖼️

0

EGA: Runtime Enforcement for LLM Outputs (v1.0.0)

DEV Community·BN·about 1 month ago

#usPH8DWN

#llm #rag #mlops #opensource #pypi #runtime

I built EGA, a runtime enforcement layer for LLM outputs. The problem: eval tools usually score...

15s

📰

0

Dependency Explorer for NPM, PyPI and Nix

Reddit r/javascript·u/simonramstedt·about 1 month ago

#VvanxCFt

#dependency #explorer #pypi #helpful #choosing #article

View the full article

Create a free account to read full articles inline — no redirect to the original site.

Create account Log in

📰

0

Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

Reddit r/netsec·u/root0ps·about 1 month ago

#mQNZo1wy

#pypi #dependency #docker #running #project #article

With everything that's happened recently, the Axios npm account hijack, LiteLLM getting poisoned on PyPI, and that coordinated npm/PyPI/Docker Hub campaign in April, I finally stopped manually running `npm audit` and set up something proper.…

15s

📰

0

Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

Reddit r/programming·u/root0ps·about 1 month ago

#r7rPUznD

#automated #dependency #scanning #recent #pypi #article

From Reddit - r/programming: Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

15s

🖼️

0

semvec added to PyPI

DEV Community·Clyde C·about 1 month ago

#JrZhXyfG

#ai #technology #software #coding #semvec #pypi

Why It Matters The addition of semvec to PyPI is a significant event in the world of...

15s

PyPI supply chain compromise via GitHub Actions → elementary-data backdoored with .pth infostealer (exec on interpreter startup)

📰

0

PyPI supply chain compromise via GitHub Actions → elementary-data backdoored with .pth infostealer (exec on interpreter startup)

Reddit r/webdev·u/raptorhunter22·about 1 month ago

#OKXlSp2m

#pypi #github #supply #chain #actions #article

A recent supply chain attack targeted the elementary-data Python package on PyPI, where an attacker exploited a GitHub Actions script injection vulnerability to abuse the repository’s GITHUB\_TOKEN and push a forged release without modifying the main…

15s

Menu

Official SDKs for 12 Platforms: Domain-Bound Software Licensing Made Easy

TanStack Was Not the Whole Story: Mini Shai-Hulud Was an npm/PyPI Supply-Chain Worm

Beta Users for Agent Governance Runtime

I scored the top packages in npm, PyPI, Cargo, and Go. One vulnerability pattern dominates three of them.

Supply chain npm vs PyPI: I compared both simulations and the most dangerous vector isn't what everyone thinks

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

Malware in PyTorch Lightning: I Simulated the Same Supply Chain Attack Vector on My ML Dependencies in Production

EGA: Runtime Enforcement for LLM Outputs (v1.0.0)

Dependency Explorer for NPM, PyPI and Nix

Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

semvec added to PyPI

PyPI supply chain compromise via GitHub Actions → elementary-data backdoored with .pth infostealer (exec on interpreter startup)