Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week.
Google has pledged support for OpenSSF's Package Analysis Project for open source packages uploaded to popular repositories. It has also published the results which paint a rather interesting picture.
The official Python software repository, PyPI, was discovered to host six packages that would download and install cryptomining software on affected systems, according to a new report.