Tag: Pip

  • Package Signing in PIP

    A few days ago, I made this DEV.to post about how Python’s PIP lacks GPG package signing. Well, it turns out that I’m …

  • Off-The-Shelf Hacker: Make Your Wearable Device Talk to You

    Building wearable devices is a great way to explore “alternative” interfaces. What if your wearable device could do things and then …

  • Python Package Repository Struggles to Deal with Typosquatting

    Ten rogue packages with misspelled names intentionally chosen to trick users have recently been found on the Python Package Index (PyPI), the main repository for community-contributed Python components. This is the latest in a string of typosquatting attacks discovered on open-source software repositories over the past few years. Read full news article on The New…

  • PyPI Python repository hit by typosquatting sneak attack

    Somebody with time on their hands has tested out a devious new form of typosquatting targeting developers installing Python packages from the PyPI (Python Package Index) repository. According to an advisory posted to the Slovak National Security Office (NBU), ten packages for Python 2.x were removed from the site after being found to contain malicious…