Active Malware Campaign Targeting Popular Python Packages Underway

This page summarizes the projects mentioned and recommended in the original post on /r/netsec

  • birdcage

    Cross-platform embeddable sandboxing

  • In addition to this, taking precautions to not install unknown packages is probably also extremely prudent. Towards that end, we've open sourced a cross-platform embeddable sandbox for package installations. Source is freely available on GitHub (https://github.com/phylum-dev/birdcage) and we've added it into our tooling so you can run pip install ... and it'll limit access to disk, network, etc. during package installation.

  • pypi-scan

    Discontinued. Scan pypi for typosquatting

  • cli

    Command line interface for the Phylum API (by phylum-dev)

  • Our CLI tool (also open source and free) will check for typosquats, dependency confusion, malicious code, vulnerabilities, etc. in your package dependencies. Works for PyPI, npm, RubyGems, Maven, NuGet and very recently Golang and Rust crates.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
