Ten Malicious Libraries Found on PyPI - Python Package Index
The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages — e.g.: "urlib" instead of "urllib." The PyPI reposit
Pretend Python packages prey on poor typing
The Slovakian National Security Authority on Thursday warned that PyPI, the repository for Python software packages, has been hosting malicious software libraries. The group's cybersecurity division, SK-CSIRT, identified 10 fake libraries designed to dupe developers through typosquatting. The names of the malicious libraries are almost identical to legitimate libraries, in the hope that fat-finger
Devs unknowingly use “malicious†modules snuck into official Python repository
The official repository for the widely used Python programming language has been tainted with modified code packages, a computer security authority in Slovakia warned. The authority also said the packages have been downloaded by unwitting developers who incorporated them into software over the past three months. Multiple code packages were uploaded to the Python Package Index, often abbreviated as
PyPIã«æ‚ªæ„ã®ã‚るパッケージãŒã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚Œã¦ã„㟠| スラド デベãƒãƒƒãƒ‘ー
スãƒãƒã‚ア政府ã®ã‚µã‚¤ãƒãƒ¼ã‚»ã‚ュリティ対ç–ãƒãƒ¼ãƒ SK-CSIRTã¯ã€Pythonパッケージã®å…¬å¼ãƒªãƒã‚¸ãƒˆãƒª PyPI ã«æ‚ªæ„ã‚るコードをå«ã‚€10個ã®å½ãƒ©ã‚¤ãƒ–ラリパッケージãŒã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚Œã¦ã„ãŸã“ã¨ã‚’発表ã—ãŸ(SK-CSIRTアドãƒã‚¤ã‚¶ãƒªãƒ¼: skcsirt-sa-20170909-pypi〠Ars Technicaã®è¨˜äº‹ã€ The Registerã®è¨˜äº‹ã€ Bleeping Computerã®è¨˜äº‹)。 å½ãƒ‘ッケージã¯ã„ãšã‚Œã‚‚有åパッケージã®ã‚³ãƒ”ーã§ã€ã‚ªãƒªã‚¸ãƒŠãƒ«ã®ãƒ‘ッケージåを一部変ãˆãŸåå‰ãŒä»˜ã‘られã¦ã„る。コード自体ã¯ã‚ªãƒªã‚¸ãƒŠãƒ«ã¨å…¨ãåŒã˜ã‚‚ã®ã ãŒã€ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«æ™‚ã«å®Ÿè¡Œã•ã‚Œã‚‹ã‚¹ã‚¯ãƒªãƒ—トãŒæ‚ªæ„ã®ã‚るコードをå«ã‚€ã‚‚ã®ã«å¤‰ãˆã‚‰ã‚Œã¦ã„ãŸã¨ã®ã“ã¨ã€‚ SK-CSIRTã®é€šå ±ã«ã‚ˆã‚Šæ—¢ã«å•é¡Œã®ãƒ‘ッケージã¯å…¨ã¦ãƒªãƒã‚¸ãƒˆãƒªã‹ã‚‰å‰Šé™¤ã•ã‚ŒãŸãŒã€å…¬é–‹ã•ã‚Œã¦ã„ãŸ6月ã‹ã‚‰9月ã®é–“ã«è¤‡æ•°å›žã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ãŒç¢ºèªã•ã‚Œã¦ã„ã‚‹
codespeed
Unverified details These details have not been verified by PyPI Project links Homepage Download Meta License: GNU Lesser General Public License v2 (LGPLv2) (GNU Lesser General Public License version 2.1) Author: Miquel Torres Tags benchmarking, visualization # Codespeed [](https://travis-ci.org/tobami/codespeed) [
awsebcli
Unverified details These details have not been verified by PyPI Project links Homepage Meta License: Apache Software License (Apache License 2.0) Author: AWS Elastic Beanstalk Classifiers Development Status 5 - Production/Stable Intended Audience Developers System Administrators License OSI Approved :: Apache Software License Natural Language English Programming Language Python Python :: 3.7 Pytho
bitarray
Unverified details These details have not been verified by PyPI Project links Homepage Meta License: Python Software Foundation License (PSF) Author: Ilan Schnell Classifiers Development Status 6 - Mature Intended Audience Developers License OSI Approved :: Python Software Foundation License Operating System OS Independent Programming Language C Python :: 3 Python :: 3.5 Python :: 3.6 Python :: 3.
cytoolz
Cython implementation of Toolz: High performance functional utilities Unverified details These details have not been verified by PyPI Project links Homepage Meta License: BSD License (BSD) Author: https://raw.github.com/pytoolz/cytoolz/master/AUTHORS.md Maintainer: Erik Welch Tags functional, utility, itertools, functools, iterator, generator, curry, memoize, lazy, streaming, bigdata, cython, tool
Pythonã§Test::TCPçš„ãªã“ã¨ã‚’ã™ã‚‹ãƒ©ã‚¤ãƒ–ラリをPyPIã«ä¸Šã’ã¾ã—㟠| Nekoya press
Perlã§ã„ã†ã¨ã“ã‚ã®Test::TCP相当ã®ã“ã¨ã‚’Pythonã§ã‚„るライブラリをPyPIã«ä¸Šã’ã¾ã—ãŸã€‚よã†ã‚„ãPyPIデビューã§ã™ã€‚ https://github.com/nekoya/python-tcptest https://pypi.python.org/pypi/tcptest Test::TCPã¯Perlã§ãƒ†ã‚¹ãƒˆæ™‚ã«ä¸€æ™‚çš„ã«ã‚µãƒ¼ãƒã‚’èµ·å‹•ã—ãŸã‚Šã™ã‚‹å‡¦ç†ã®åŸºç›¤ã¨ãªã‚‹ãƒ©ã‚¤ãƒ–ラリã§ã™ã€‚åŒç‰ã®ã“ã¨ã‚’Pythonã§ã‚„ã‚‹ã®ã«é©å½“ãªã‚‚ã®ãŒè¦‹å½“ãŸã‚‰ãªã‹ã£ãŸã®ã§è‡ªåˆ†ã§æ›¸ã„ãŸã¨ã„ã†çµŒç·¯ã§ã™ã€‚ 社内ã§ã¯ä»¥å‰ã‹ã‚‰ã“ã®ä»•çµ„ã¿ã‚’使ã£ã¦ãƒ†ã‚¹ãƒˆã‚’書ã„ã¦ã„ãŸã®ã§ã™ãŒã€è‡ªç¤¾ã®configç³»ã®ãƒ©ã‚¤ãƒ–ラリã¨ã®çµåˆã‚’排除ã—ã¦ã€å†æ§‹æˆã—ãŸã‚‚ã®ã«ãªã‚Šã¾ã™ã€‚今回ã“ã†ã—ã¦å…¬é–‹ã™ã‚‹ã«ã‚ãŸã£ã¦ã€é–¢æ•°åをオリジナルã®Perl版ã«è¿‘付ã‘ãŸã‚Šã€TestServerã®å®Ÿè£…ã‚’å…¨é¢çš„ã«è¦‹ç›´ã—ãŸã‚Šã—ã¾ã—ãŸã€‚ tcptestパッケージã«ã¯Test
pip install ã‚„ easy_install を速ãã™ã‚‹ãŸã‚ã® pypi ã®è¨å®šå¤‰æ›´ - methaneã®ãƒ–ãƒã‚°
pip ã‚„ easy_install ãŒçªç„¶é€Ÿããªã‚‹ã‹ã‚‚ã—ã‚Œãªã„ ã§ç´¹ä»‹ã—㟠pypi ã‹ã‚‰ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«é«˜é€ŸåŒ–ã®ç¬¬ä¸€å¼¾ãŒå§‹ã¾ã‚Šã¾ã—ãŸã€‚ ã¨ã„ã£ã¦ã‚‚ã€ã„ããªã‚Šå‹æ‰‹ã« pypi å´ã§ã‚¹ã‚¯ãƒ¬ã‚¤ãƒ”ングã™ã‚‹URLを変更ã™ã‚‹ã®ã§ã¯ãªãã¦ã€ãƒ‘ッケージ管ç†è€…ãŒæ˜Žç¤ºçš„ã«æŒ‡å®šã™ã‚‹æ–¹æ³•ã«ãªã‚Šã¾ã™ã€‚ pypi ã«ãƒ‘ッケージをアップãƒãƒ¼ãƒ‰ã—ã¦ã„る人ã¯è¨å®šå¤‰æ›´ã—ã¾ã—ょã†ã€‚ パッケージã®ç®¡ç†ç”»é¢ã®ã†ã¡ url ã®ç”»é¢ã‚’é–‹ãã¨ã€ã“ã®ç”»åƒã®ã‚ˆã†ãªãƒšãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚ ã¾ãšã€ Hosting Mode ã®ã¨ã“ã‚ã§ã€ "As above but also..." ã«ãªã£ã¦ã„ã‚‹ã®ã‚’ "Do not extract..." ã«å¤‰ãˆã¾ã™ã€‚ã“ã‚Œã§ã€ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ãŸãƒ•ã‚¡ã‚¤ãƒ«ä»¥å¤–を探ã—ã«è¡Œãã“ã¨ãŒãªããªã‚Šã¾ã™ã€‚ (pypi ã«ãƒ‘ッケージをアップãƒãƒ¼ãƒ‰ã—ã¦ã„ãªã„人ã¯ã€ download_url を指定ã—㦠"Present URLs..
pip ã‚„ easy_install ãŒçªç„¶é€Ÿããªã‚‹ã‹ã‚‚ã—ã‚Œãªã„ - methaneã®ãƒ–ãƒã‚°
PyPI を安全ã«åˆ©ç”¨ã™ã‚‹ãŸã‚ã«ã€å…ˆæ—¥ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ https を利用ã™ã‚‹ pip ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸã€‚ ã§ã™ãŒã“ã‚Œã§çµ‚ã‚ã‚Šã§ã¯ã‚ã‚Šã¾ã›ã‚“。 pip ã‚„ easy_install 㯠PyPI ã®ãƒšãƒ¼ã‚¸ã‹ã‚‰ãƒªãƒ³ã‚¯ã‚’辿ã£ã¦ã‚¹ã‚¯ãƒ¬ã‚¤ãƒ”ングã—ã¦ãƒ‘ッケージを探ã—ã¦ã„ã¾ã™ã€‚リンク先ãŒhttpsã§ãªã‹ã£ãŸã‚‰ã‚„ã£ã±ã‚Šå®‰å…¨ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 実ã¯ã€ 90% ã®ãƒ‘ッケージ㯠PyPI ã«ç›´æŽ¥é…布ファイルをアップãƒãƒ¼ãƒ‰ã—ã¦ã„るらã—ã„ã§ã™ã€‚ ç¾åœ¨ã€ã“れらã®ãƒ‘ッケージã§å¤–部ã®URLã‚’ /simple ページã«è¡¨ç¤ºã—ãªã„よã†ã«ã—よã†ã¨ã„ã†è°è«–ãŒé€²è¡Œä¸ã§ã™ã€‚ ã“ã‚ŒãŒå®Ÿæ–½ã•ã‚Œã‚‹ã¨å®‰å¿ƒãªã ã‘ã§ãªãã€ä½™è¨ˆãªã‚¹ã‚¯ãƒ¬ã‚¤ãƒ”ングãŒç™ºç”Ÿã—ãªããªã£ã¦ pip ãŒé«˜é€Ÿã«ãªã‚‹ã¨æ€ã‚ã‚Œã¾ã™ã€‚ wktk ã§ã™ã€‚ 興味ã®æœ‰ã‚‹ã‹ãŸã¯ Catalog-SIG ã® ML ã‚’å‚ç…§ã—ã¦ãã ã•ã„。
Shibu's Diary: Pythonã®PyPIã®ãƒ‘ッケージ数ãŒPerlã®CPANを抜ã„ãŸæ—¥
抜ã‹ã‚ŒãŸã¨ã¯ã„ã£ã¦ã‚‚ã€Perlã‚‚éŽåŽ»2å¹´ã§7000ãらã„数を増やã—ã¦ãã¦ã„ã‚‹ã‚ã‘ã ã—ã€ã¾ã ã¾ã アクティブã§ã™ã€‚僕もãŠä¸–話ã«ãªã‚Šã¾ã—ãŸãŒã€ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚Œã¦ã„るソースコードをèªã‚“ã§ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®å‹‰å¼·ã‚’ã•ã›ã¦ã‚‚らã£ãŸã‚Šã€ä¾¡å€¤ã®é«˜ã•ã¯å¥åœ¨ã§ã™ã€‚æ´å²ãŒã‚る分ã€ãƒãƒƒã‚«ãƒ¼ãªäººã‚‚多ãã¦ãƒ¬ãƒ™ãƒ«ãŒé«˜ã„イメージã§ã™ã€‚ã¡ã‚‡ã£ã¨å‰ã«ã€Œã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãªã‚‰githubã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ã‚½ãƒ¼ã‚·ãƒ£ãƒ«ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã§ã€ã¿ãŸã„ãªãƒã‚ºãƒ¯ãƒ¼ãƒ‰ãŒæµè¡Œã£ã¦ã¾ã—ãŸãŒã€20世紀ã‹ã‚‰sourceforge.netã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆæŒã£ã¦ã„る人ã®æ–¹ãŒæ–然オーラを感ã˜ã‚‹ãœã€çš„ãªã€‚ ãã—ã¦ã€Pythonã‚‚Perlを抜ã„ãŸã¨ã¯ã„ãˆã€ãã®ç«‹å ´ã™ã§ã«è„…ã‹ã•ã‚Œã¦ã„ã¾ã™ã€‚node.jsã®ãƒ‘ッケージã®npmã§ã™ã€‚Google Trendsã§è¦‹ã‚‹ã¨ã€2010å¹´8月ãらã„ã«ã§ããŸã°ã‹ã‚Šã‹ãªã€ã¨ã„ã†ã¨ã“ã‚ã§ã™ãŒã€ã™ã§ã«23300。ã“ã“1ヶ月ã§ã‚‚1500ãらã„数を伸ã°ã—ã¦ã„ã¾ã™ã—
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
PyPICloud - PyPI backed by S3 or GCS — pypicloud 1.3.12 documentation
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
devpi-latest Documentation
Googleã€ã‚ªãƒ¼ãƒ—ンソースã®æ©Ÿæ¢°å¦ç¿’ライブラリ「TensorFlowã€ã®Windows版を公開
bandersnatch
cffi
Simple index
PyPI Download Statistics · Alex Gaynor
{{#tags}}- {{label}}
{{/tags}}