You want to use a #StaticSiteGenerator and need to support #multilingual sites? It’s now easier than ever! For quite a while, #Pelican had a great plugin for that use case. Now I helped migrate it to the new plugin format, which means that it can easily be installed from #PyPI. https://github.com/pelican-plugins/i18n-subsites #MultilingualDH #MinimalComputing

There is now a #gitAnnex package on #PyPi: https://pypi.org/project/git-annex/

This should make it simpler to deploy git-annex in Python virtual environments, also as versioned dependencies for software like #Datalad

Packages are built for Linux, Windows, and Mac via GitHub actions: https://github.com/psychoinformatics-de/git-annex-wheel/

Contributions to cover more platforms are most welcome!

Hackers are hiding malware inside AI/ML models on PyPI, targeting #AlibabaAILabs users. Malicious packages dropped infostealers through infected Pickle files.

Read: https://hackread.com/malware-ai-models-pypi-targets-alibaba-ai-labs-users/

I enjoyed writing my first blog post last weekend, so I thought I'd write another one. This one is about a #bash script that became a #Python script and is now a package. All because I was too lazy to label plates and tubes in the lab by hand. The post is mostly about the history and motivation behind the package, i.e. the stuff that does't really fit into the README

https://www.gl-eb.me/blog/posts/2025-05-25_generate-labels/

Malicious Python #PyPI Packages Exploit Instagram and TikTok APIs to Validate Stolen User Accounts:

https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html

Backdoor implant discovered on PyPI posing as debugging utility

A sophisticated malicious package named 'dbgpkg' was detected on PyPI, masquerading as a Python debugging utility. The package implants a backdoor on systems, enabling execution of malicious code and data exfiltration. It uses function wrapping techniques to evade detection and is believed to be part of a larger campaign possibly linked to a hacktivist group known as Phoenix Hyena. The campaign also includes other packages like 'discordpydebug' and 'requestsdev'. The attackers' motivation appears to be geopolitical, potentially related to the Russia-Ukraine conflict. The use of specific backdooring techniques and tools like Global Socket Toolkit indicates a high level of sophistication and an intent to establish long-term presence on compromised systems.

Pulse ID: 68264a9cb2b105513148d978
Pulse Link: https://otx.alienvault.com/pulse/68264a9cb2b105513148d978
Pulse Author: AlienVault
Created: 2025-05-15 20:12:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

If you're at #PyConUS today and wanna chat, I'll be at a sponsor presentation this afternoon https://us.pycon.org/2025/schedule/presentation/153/
Or at @ThePSF booth in the Expo Hall during the Opening Reception

There are currently 636,000 #python projects on #pypi

By the time you read this there will be several more, to the tune of one every few minutes

#opensource tools, algorithms, frameworks for #datascience, #machinelearning, #webdev and much, much more, in principle accessible to everybody

What does this mean, where will this lead?

Your guess as good as mine. But this is emphatically *not* the world we used to live-in, until recently

Remember this when you are gloomy

https://pypi.org/

Revolutionizing Collaboration: PyPI Introduces Organization Accounts for Enhanced Package Management

The Python Packaging Index (PyPI) is taking a significant leap forward by introducing organization accounts, designed to streamline collaboration for larger teams and projects. This move not only enha...

https://news.lavx.hu/article/revolutionizing-collaboration-pypi-introduces-organization-accounts-for-enhanced-package-management

Malicious #PyPi package hides #RAT #malware, targets #Discord devs since 2022

https://www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/

Malicious PyPI Package Exposes Discord Developers to RAT Malware Threats

A deceptive Python package, 'discordpydebug,' has infiltrated the PyPI repository, targeting Discord developers with remote access trojan (RAT) malware. With over 11,000 downloads since its launch, th...

https://news.lavx.hu/article/malicious-pypi-package-exposes-discord-developers-to-rat-malware-threats

Malicious PyPI Package Exposes Discord Developers to RAT Malware Threats

A deceptive Python package, 'discordpydebug,' has infiltrated the PyPI repository, targeting Discord developers with remote access trojan (RAT) malware. With over 11,000 downloads since its launch, th...

https://news.lavx.hu/article/malicious-pypi-package-exposes-discord-developers-to-rat-malware-threats

We're proud to announce that @gnuhealth is now an organization in the Python Package Index (#PyPI).

The organization makes it easy to find and explore our projects and packages.

https://savannah.gnu.org/news/?id=10770

We're proud to announce that #GNUHealth is now an organization in the Python Package Index (#PyPi). It's very easy to navigate our projects on pypi.

https://pypi.org/org/GNUHealth/

There's a long tail in PyPI downloads.

Here's the 15k most popular packages from https://hugovk.github.io/top-pypi-packages/ charted. The second is with log scale.

Malicious #PyPI packages abuse #Gmail, #websockets to hijack systems

https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/

Boosting PyPI's Test Suite: An 81% Performance Improvement

Trail of Bits has successfully optimized the test suite for PyPI's Warehouse, achieving a remarkable 81% reduction in execution time. This transformation not only enhances developer efficiency but als...

https://news.lavx.hu/article/boosting-pypi-s-test-suite-an-81-performance-improvement

Exploiting Trust: Malicious PyPI Packages Use Gmail and WebSockets for Cyber Hijacking

A recent discovery of seven malicious packages on PyPI highlights a concerning trend in software supply chain attacks, leveraging trusted services like Gmail for data exfiltration. With one package do...

https://news.lavx.hu/article/exploiting-trust-malicious-pypi-packages-use-gmail-and-websockets-for-cyber-hijacking

New data about packages on #PyPI: https://github.com/sethmlarson/pypi-data/releases/tag/2025.04.25

While preparing my talk, I found some (small) accessibility issues in pypi warehouse project but seems like only maintainers can raise issues and I don't know what to do now, other type of issues doesn't seems to fit.
Is there someone here I can talk to about that and eventually help for the fix?