HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Nickste

no profile record

Submissions

Payment processor publishes official NPM package that leaks credit card data

getsafety.com
13 points·by Nickste·ano passado·0 comments

comments

Nickste
·há 12 meses·discuss
Mike is doing an incredible job of finding ways to make it harder for attackers to abuse PyPI (see the PyPI quarantine project). At Safety (previously PyUp) we've been tracking a significant increase in malicious packages that compromise you as soon as you install them. We've extended our open-source CLI tool with a "Firewall" capability that aims to protect against some of these kinds of attacks (typosquatting, slopsquatting) while not requiring any changes to the tooling you use (e.g. pip, uv, poetry).

You can check it out with: pip install safety && safety init
Nickste
·ano passado·discuss
Safety (previously PyUp) - https://getsafety.com - software supply chain security. Offices in Vancouver but team is all over Canada. Raised a large seed round from First Round and others.