Supply Chain Issues in PyPI
This is a cross-post from stiankri.substack.com
Earlier this year I did some security research into the Python Package Index (PyPI) as well as how it’s used by the package managers Pip and Poetry.
The research is summarized in the following blog posts:
The research was also presented at BSides Oslo in the talk “Unexpected Ways to Distribute Python Packages”.