Tag
pypi-security
Safeguard articles tagged "pypi-security" — guides, analysis, and best practices for software supply chain and application security.
14 articles
Open Source Security
Credential-Stealing Packages: What They Target and How Th...
Credential-stealing packages harvest env vars, browser passwords, and npm tokens at install time. Here's how ctx, W4SP, and Shai-Hulud actually work.
Aug 1, 20257 min read
Open Source Security
Reconstructing a Real-World Dependency Confusion Incident...
A step-by-step reconstruction of a real dependency confusion attack, from malicious package upload to remediation, and how to defend your pipeline.
Jul 31, 20257 min read