Forking confusing: Vulnerable Rust crate exposes uv Python packager

A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched – but the most widely downloaded version remains ...
InfoWorld

Use UV to run Python packages and programs without installing

Astral's uv utility simplifies and speeds up working with Python virtual environments. But it has some other superpowers, too: it lets you run Python packages and programs without having to formally ...
ZDNet

Malicious Python libraries targeting Linux servers removed from PyPI

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...

Python Software Foundation: Equal Opportunity More Important Than US Funding

The PSF forgoes potential funding because the requirements explicitly prohibit programs promoting equal opportunity under DEI ...
Bleeping Computer

New Python tool checks NPM packages for manifest confusion issues

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. Last week, a former ...