WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
InfoWorld

How to use uv: A superfast Python package installer

All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look. A few behaviors aren’t supported yet, but these should not interfere with your ...
Ars Technica

Backdoored package in Go mirror site went unnoticed for >3 years

I think software development has a fundamental problem caused by its need for trust. As much as researchers admonish people to audit their dependencies by reading through its code, that's a cost in ...
pv magazine International

PVRadar launches Python programming tool to ease site-specific loss modeling

German software company PVRadar Labs has released a Python programming toolbox for industry practitioners that are building site-specific models. The package provides a shortcut to to customize yield ...
InfoWorld

PyApp: An easy way to package Python apps as executables

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the easiest Python packager yet. Every developer knows how hard it is to ...