The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
PC Gamer

The Python Software Foundation has turned down a $1.5 million US government grant amid ethical concerns

Linux Linux researcher and developer says 'there are bugs in your kernel right now that won't be found for years. I know because I analyzed 125,183 of them' AI Hacker, dressed as the pink Power Ranger ...
GitHub

[pypi] CI Pipeline fails when uploading Python packages to TestPyPI with duplicate versions

The GitHub Actions packaging pipeline fails during the upload_python_packages_test job when attempting to upload Python packages to TestPyPI that already exist with the same version number. This ...
C&EN

DynamiSpectra: A Python Software Package and Web Platform for Molecular Dynamics Data Analysis in Computational Biology

Keizo Asami Institute, iLIKA, Federal University of Pernambuco, Recife, Pernambuco 50670-901, Brazil Graduate Program in Biology Applied to Health, PPGBAS, Federal University of Pernambuco, Recife, ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
InfoWorld

How to use editable installs for Python packages

When you install Python packages into a given instance of Python, the default behavior is for the package’s files to be copied into the target installation. But sometimes you don’t want to copy the ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
GitHub

PyPI publish GitHub Action

This action allows you to upload your Python distribution packages in the dist/ directory to PyPI. This text suggests a minimalistic usage overview. For more detailed walkthrough check out the PyPA ...
Mobile

How to Install Pip on Linux? – A Complete Step-by-Step Guide

What is Pip? Why Do You Need It? Pip is a package manager for Python. It allows you to install and manage hundreds of Python libraries listed in the Python Package ...
InfoWorld

Air-gapped Python: Setting up Python without a net(work)

Installing Python and related applications on a system without a network connection isn’t easy, but you can do it. Here’s how. The vast majority of modern software development revolves around one big ...