PYPI Security Recap #102

@kjaymiller

Description

@kjaymiller

URL

https://twitter.com/di_codes/status/1610781657128108033

When was this post released

4 January 2023

Summary

In 2022, the @pypi team removed >12,000 unique projects. Each was an instance of spam, typosquatting, dependency confusion, exfiltration and/or malware.

2022: ~12K (mostly malware)
2021: ~27K (mostly dep confusion)
2020: ~500
2019: 65
2018: 137
2017: 38

Ingram brings up that most of the work has been handled by himself and Ee Durbin, the Director of Infrastructure. Ingram calls for more support to provide PyPI with paid staff.

Ingram also acknowledges that much of the detection of these attacks is with the help and support of security and observability companies like @sonatype, @Phylum_IO, @Checkmarx, @jfrog, @datadoghq, @nao_sec, @loginsoft_inc, @checkpointsw, [@theopenssf](https://twitter.com/theopenssf) and some others.

Code of Conduct

  • I would like my name mentioned on the podcast
  • I agree to follow this project's Code of Conduct
