Given how widespread Python is, developers should vet any third-party code they use before adding it to their projects. ESET firmly believes the abuse of PyPI will continue.

The newly approved Python Enhancement Proposal 751 gives Python a standard lock file format for specifying the dependencies of projects. Here’s the what, why, and when.

PyPI halted new users and projects while it fended off supply-chain attack Automation is making attacks on open source code repositories harder to fight.