New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.
InfoWorld

Python isn’t always easy

It’s harder than it might seem to create a stand-alone Python app. It’s also harder than you might think to reliably back up SQLite databases, but Python has the tools for it. And while it’s not easy ...
theregister

OpenAI tries to build its coding cred, acquires Python toolmaker Astral

In a move clearly designed to strengthen its position among developers, OpenAI has acquired Python tool maker Astral. The house of Altman expects the deal to strengthen the ecosystem for its Codex ...
GitHub

Is OpenOCR only support opencv-python<=4.6.0.66?

I’m wondering if OpenOCR only supports opencv-python<=4.6.0.66? I noticed there’s no version restriction specified in the requirements.txt, but when I try to ...
GitHub

Use pip repos with different names between different python versions

This seems to be an "issue" when you using py_library and add a dependency to it that is in a pip repo not using your default python version. Hopefully I explained that correctly but I also opened a ...
theregister

Over 170K users caught up in poisoned Python package ruse

More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims." According to CheckMarx, members of the Top.gg ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...