The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows ...
The Hacker News

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed ...
Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
IEEE

An Empirical Study of Malicious Code In PyPI Ecosystem

Abstract: PyPI provides a convenient and accessible package management platform to developers, enabling them to quickly implement specific functions and improve work efficiency. However, the rapid ...
GitHub

npm should not be required to install pytest-html from pypi

I understand npm is only used for tests purpose (maybe I'm wrong...) ? If it is the case I think it should not be necessary to have npm pre-installed to install ...
InfoWorld

How to use structural pattern matching in Python

Python, for all its power and popularity, has long lacked a form of flow control found in other languages—a way to take a value and match it elegantly against one of a number of possible conditions.
IEEE

pytest-inline: An Inline Testing Tool for Python

Abstract: We present pytest-inline, the first inline testing framework for Python. We recently proposed inline tests to make it easier to test individual program statements. But, there is no framework ...