
> I also recall a blog post where someone was scanning PyPI for malicious Python packages, only to realize that `pip download` also executed code.

I think you're thinking of this post[1]. The code being searched for wasn't malicious, just buggy :-)

[1]: https://moyix.blogspot.com/2022/09/someones-been-messing-wit...



Thanks, that's the one! I was actually just trying to find it.

Heh, I forgot about the anime catgirl part.



