Safeguard
Tag

pypi-security

Safeguard articles tagged "pypi-security" — guides, analysis, and best practices for software supply chain and application security.

14 articles

Software Supply Chain Security

The Ultralytics AI pwn request supply chain attack

How a malicious pull request, a poisoned GitHub Actions cache, and a stored PyPI token turned the Ultralytics YOLO package into a cryptominer.

Jul 3, 20267 min read
AI Security

Slopsquatting: When AI Hallucinates Package Names

LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.

Jun 14, 20266 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
Threat Intelligence

Typosquatting across package registries (npm, Go, PyPI)

Typosquatting has infected npm, PyPI, and now Go modules. We break down real attacks like crossenv and colourama, how Socket.dev detects them, and where the gaps remain.

May 9, 20267 min read
Open Source Security

Typosquatting packages

What is typosquatting? A precise breakdown of package typosquatting attacks, real npm and PyPI examples, and how lookalike malicious packages slip into builds.

Mar 3, 20266 min read
Open Source Security

What is PyPI Security

PyPI security stops typosquats, dependency confusion, and poisoned CI builds before pip install ever runs your code.

Feb 8, 20267 min read
Vulnerability Analysis

Typosquatting in open source package registries explained

Typosquatting hides malware behind a one-character package name typo. Learn how it works, real incidents, and how to detect it before your build runs.

Dec 7, 20257 min read
Open Source Security

The 'ctx' PyPI Package Hijack via Expired Maintainer Domain

In 2022, attackers bought an expired domain, reset a PyPI maintainer's email, and hijacked the ctx package to steal environment variables from unsuspecting installs.

Dec 3, 20257 min read
Buyer's Guides

Best malicious package detection tools for open source de...

A field guide to malicious package detection tools for npm and PyPI, comparing real vendors on detection method, coverage, and dependency confusion handling.

Nov 13, 20258 min read
Incident Analysis

Dependency confusion attacks against major tech companies

A look at the dependency confusion attacks that hit Apple, Microsoft, PayPal, and PyTorch — and why the technique still works against top engineering orgs.

Nov 5, 20257 min read
Open Source Security

Anatomy of a Typosquatting Campaign: How Attackers Pick T...

Real typosquatting campaigns follow a repeatable playbook: target selection, edit-distance tricks, and install-time payloads. Here's how attackers actually pick their targets.

Aug 2, 20257 min read
Buyer's Guides

Comparing Malicious Package Tactics Across npm, PyPI, Rub...

npm, PyPI, RubyGems, and crates.io each get hit by malicious packages differently. Real incidents from 2018-2025 show how attacker tactics shift by ecosystem.

Aug 1, 20257 min read
pypi-security — Safeguard Blog