Dependency Confusion: How Hackers Infiltrate Internal Tools
Understanding Dependency Confusion attacks where public packages override private internal libraries. How to secure requirements.txt.
3 docs tagged with "pypi"
View all tagsEnvironment Variable Leaks: The Danger of .env and .pypirc
Why committing .env files is a security sin, and how .pypirc leaks lead to supply chain attacks via malicious package uploads.
Typosquatting in Python: One Typo, Total Compromise
How attackers exploit simple typing errors in requirements.txt to install malware. Detecting 'tourch', 'reqests', and other malicious PyPI packages.