Every Pythonista is aware of PyPI, the Python Package Index, whether they use the command line or an IDE. It is a repository of software for the Python programming language, much like a shop where programmers can search for and install software developed and shared by the Python community. Programmers can take advantage of this platform to help them in their projects. However, just like anything you download or install online, it comes with some risks. Some of the packages on PyPI could be outdated or incomplete. Unfortunately, some of them might also contain malicious content.
Hackers will always take advantage of this situation and use the PyPI repository to distribute such malicious content. In response, the Python Software Foundation recently launched a Request for Proposals for the development of security-critical functionality in the PyPI software. In this video, presented by Christina Muñoz at the recently concluded PyCon 2020, we will learn how to detect malicious files in the PyPI repository. She also helps us understand some of the most popular attack vectors hackers use to confuse and take advantage of users, and how to prevent them. This is an important topic every Pythonista should be aware of. Feel free to watch the video below and learn how to combat malware in the PyPI repository. [Note: This video is in Spanish, but even non-Spanish speakers will find it extremely useful.]