推荐学习书目 Learn Python the Hard Way Python Sites PyPI - Python Package Index http://diveintopython.org/toc/index.html Pocoo 值得关注的项目 PyPy Celery Jinja2 Read the Docs gevent pyenv virtualenv Stackless Python Beautiful Soup 结巴中文分词 Green Unicorn Sentry Shovel Pyflakes pytest Python 编程 pep8 Checker Styles PEP 8 Google Python Style Guide Code Style from The Hitchhiker's Guide
121.42.217.44 这位老哥,在 PyPI 上用马甲包名碰瓷钓鱼,被挖出来了。pip install 一把梭的当心了
est est 2019-01-21 12:20:05 +08:00 5357 次点击这是一个创建于 2457 天前的主题,其中的信息可能已经有所发展或是发生改变。
acqusition (uploaded 2017-06-03 01:58:01, impersonates acquisition)
apidev-coop (uploaded 2017-06-03 05:16:08, impersonates apidev-coop_cms)
bzip (uploaded 2017-06-04 07:08:05, impersonates bz2file)
crypt (uploaded 2017-06-03 08:03:14, impersonates crypto)
django-server (uploaded 2017-06-02 08:22:23, impersonates django-server-guardian-api)
pwd (uploaded 2017-06-02 13:12:33, impersonates pwdhash)
setup-tools (uploaded 2017-06-02 08:54:44, impersonates setuptools)
telnet (uploaded 2017-06-02 15:35:05, impersonates telnetsrvlib)
urlib3 (uploaded 2017-06-02 07:09:29, impersonates urllib3)
urllib (uploaded 2017-06-02 07:03:37, impersonates urllib3)
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/
apidev-coop (uploaded 2017-06-03 05:16:08, impersonates apidev-coop_cms)
bzip (uploaded 2017-06-04 07:08:05, impersonates bz2file)
crypt (uploaded 2017-06-03 08:03:14, impersonates crypto)
django-server (uploaded 2017-06-02 08:22:23, impersonates django-server-guardian-api)
pwd (uploaded 2017-06-02 13:12:33, impersonates pwdhash)
setup-tools (uploaded 2017-06-02 08:54:44, impersonates setuptools)
telnet (uploaded 2017-06-02 15:35:05, impersonates telnetsrvlib)
urlib3 (uploaded 2017-06-02 07:09:29, impersonates urllib3)
urllib (uploaded 2017-06-02 07:03:37, impersonates urllib3)
https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/
16 条回复 2019-01-21 16:19:23 +08:00
 | 1 Slienc7 2019-01-21 12:30:54 +08:00 @aliyunservice 建议报警。 |
 | 2 run2 2019-01-21 12:36:00 +08:00 为啥 PyPI 社区一直在重复这种事件, 加上 vendor id 很难么?(演变成 pip install vendor/package) |
 | 3 ericls 2019-01-21 12:39:59 +08:00 @sobigfish PyPI 的包上传难度感觉人为加了难度 可能正是因为如此 所以 PyPI 的包质量通常较好 (相比 npm,上传难度很低)结果反而导致 impersonator 出现。PyPI 还有一系列 legacy 的东西没解决呢。。。 |
 | 4 xi2008wang 2019-01-21 13:52:28 +08:00 还以为是现在的,原来是两年前的新闻了。。。 |
 | 5 janxin 2019-01-21 13:57:48 +08:00 这个我记得是某个哥们专门验证能钓鱼专门传的吧,当时传了一大堆包 |
 | 6 find456789 2019-01-21 13:59:23 +08:00 @aliyunservice 建议调查 |
 | 8 changwei 2019-01-21 15:16:28 +08:00 还有这种操作 |
 | 9 deepreader 2019-01-21 15:20:30 +08:00 可怕 |
 | 10 des 2019-01-21 15:31:43 +08:00 via Android 早说了不止 npm 有这个隐患 |
 | 11 mmnsghgn 2019-01-21 15:33:24 +08:00  1 |
 | 13 lolizeppelin 2019-01-21 16:08:35 +08:00 自打包 rpm 党飘过 压根不怕 ...等等 我 window 上没 msi 包只能 pip 的咋办 233333 |
| 14 lolizeppelin 2019-01-21 16:16:37 +08:00 哦想起来了 我从 pip 上下载下来 本地装的 2333 |
 | 15 freefcw 2019-01-21 16:18:34 +08:00 这点 composer/docker 之类的确实要好很多 |
 | 16 natforum 2019-01-21 16:19:23 +08:00 这算挖坟吗 2 年前的新闻 |
Select Language