GitHub

[BUG] can not use private pypi repo to install package(same as offical pypi package)

uv add utensils --extra-index-url https://user:[email protected]:8000/simple --allow-insecure-host=100.64.0.1 warning: Indexes specified via `--extra-index-url` will not be persisted to the ...
GitHub

Install pypi packages from a specific index

pip3 install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/rocm6.2.4 That means for a pixi env to work, I need to have a specific "feature ...
Bleeping Computer

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
ZDNet

Twelve malicious Python libraries found and removed from PyPI

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages have been discovered in two separate ...
CSOonline

Malicious package flood on PyPI might be sign of new attacks to come

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code. Over the weekend an attacker has been uploading thousands of malicious ...
Bleeping Computer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...