Snake bites: Beware malicious Python libraries

Malware posing as Python libraries is routinely showing up on PyPI, Python’s official package index


Earlier this week, two Python libraries containing malicious code were removed from the Python Package Index (PyPI), Python’s official repository for third-party packages.

It’s the latest incarnation of a problem faced by many modern software development communities, raising an important question for all developers who rely on open source software: How can you make it possible for people to contribute their own code to a common repository for re-use, without those repos becoming vectors for attacks?

Copyright © 2019 IDG Communications, Inc.