LiteLLM loses game of Trivy pursuit, gets compromised

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the ...
Visual Studio Magazine

Aspire 13 Makes Python a First-Class Workload with .NET and JavaScript

Microsoft has added official Python support to Aspire 13, expanding the platform beyond .NET and JavaScript for building and running distributed apps. Documented today in a Microsoft DevBlogs post, ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Infosecurity-magazine.com

Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two months after release. The framework, developed by the ...
GitHub

[pypi] CI Pipeline fails when uploading Python packages to TestPyPI with duplicate versions

The GitHub Actions packaging pipeline fails during the upload_python_packages_test job when attempting to upload Python packages to TestPyPI that already exist with the same version number. This ...
International Monetary Fund

A Python Package to Assist Macroframework Forecasting: Concepts and Examples

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...
tech2geek

How to Install Python Packages with pip (Beginner to Advanced Guide)

Python developers often need to install and manage third-party libraries. The most reliable way to do this is with pip, Python’s official package manager. To avoid package conflicts and system errors, ...
InfoWorld

Amp your Python superpowers with ‘uv run’

The uv utility lets you run Python packages and libraries with one command and no setup. Here's the quick guide to running Python packages without installing them. Astral’s uv tool makes setting up ...
Dark Reading

Hackers Post Dozens of Malicious Copycat Repos to GitHub

Cybercriminals continue to sneak malicious repositories onto GitHub. Typosquatting, dependency confusion, and other types of cyberattacks precipitated through malicious packages are old and common ...
GitHub

Switch to trusted publishing for package upload to PyPI in CI

Trusted publishing (with attestations) means I can know for certain that what I download from PyPI is the same artefact which was generated in GitHub CI, meaning that what I see in GitHub is the same ...
Developer Tech

Chainguard rebuilds Python libraries to slam the door on malware

Chainguard Libraries for Python isn’t just another repository; it’s an index of Python dependencies engineered to be resistant to malware. The secret sauce? Building every single one securely from its ...