Num2words PyPI Package Compromised (stepsecurity.io)
21 points by varunsharma07 2 days ago | 6 comments
zahlman an hour ago

> The compromise was first identified through several concerning indicators:
> Missing Repository Tag: Unlike previous releases, version 0.5.15 was published to PyPI without a corresponding tag in the official GitHub repository at https://github.com/savoirfairelinux/num2words/tags
> Timing Discrepancy: The package appeared on PyPI without any associated commits or release activities in the source repository
> Community Alert: Security researcher @johnk3r quickly raised the alarm on social media, warning the community about potential compromise

This is one of the AI "tells" that I find especially strange. It doesn't just overuse these bullet-point lists; it puts things in the list that clearly don't belong. The "community alert", of course, is not a "concerning indicator" that was used to identify the compromise. But if you take that out, "several" is a strange way to describe "two", and the whole thing would clearly be better written as free-form prose.
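The two real indicators quoted above (a PyPI version with no matching repository tag, and an upload with no corresponding commit activity) are cheap to check mechanically. The script below is an added example, not code from the article, the stepsecurity write-up or the num2words project; it runs on constructed sample data embedded inline (the version list, tag list and timestamps are invented for illustration). In practice the release map would come from the PyPI JSON API (`https://pypi.org/pypi/<name>/json`) and the tags from `git ls-remote --tags` on the upstream repository.

```python
"""Cross-check PyPI releases of a package against the upstream git tags.

Added example (not from the original page or project). All inputs below are
constructed sample data so the check runs offline; in real use they would be
fetched from PyPI and from the upstream repository.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: version -> earliest upload time on PyPI, as one would
# derive from the "releases" map of the PyPI JSON API.
PYPI_RELEASES = {
    "0.5.13": "2023-10-01T10:00:00Z",
    "0.5.14": "2024-12-20T09:30:00Z",
    "0.5.15": "2025-06-23T14:12:00Z",  # invented: the release with no tag
}

# Constructed sample: refs as printed by `git ls-remote --tags`, including a
# dereferenced annotated tag ("^{}") to exercise normalisation.
REPO_TAG_REFS = [
    "refs/tags/v0.5.13",
    "refs/tags/v0.5.14",
    "refs/tags/v0.5.14^{}",
]

# Constructed sample: timestamp of the most recent commit on the default branch.
LAST_COMMIT = "2025-01-15T08:00:00Z"


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_tag(ref: str) -> str:
    """Reduce a git tag ref to the bare version string it names.

    Strips the refs/tags/ prefix, the ^{} suffix that ls-remote prints for
    dereferenced annotated tags, and common version prefixes such as "v".
    """
    tag = ref.strip()
    if tag.startswith("refs/tags/"):
        tag = tag[len("refs/tags/"):]
    tag = tag.removesuffix("^{}")
    for prefix in ("release-", "v", "V"):
        if tag.startswith(prefix):
            tag = tag[len(prefix):]
            break
    return tag


def find_suspicious_releases(pypi_releases, tag_refs, last_commit, grace=timedelta(days=7)):
    """Return {version: [reasons]} for releases that lack a tag or post-date
    the repository's last commit by more than `grace`.

    `grace` absorbs the normal lag between tagging and uploading; a release
    that appears long after the last commit had no visible source activity.
    """
    tagged_versions = {normalize_tag(ref) for ref in tag_refs}
    last_commit_ts = parse_ts(last_commit)
    findings = {}
    for version, uploaded in pypi_releases.items():
        reasons = []
        if version not in tagged_versions:
            reasons.append("no matching git tag in upstream repository")
        lag = parse_ts(uploaded) - last_commit_ts
        if lag > grace:
            reasons.append(f"uploaded {lag.days} days after the last repository commit")
        if reasons:
            findings[version] = reasons
    return findings


if __name__ == "__main__":
    for version, reasons in find_suspicious_releases(PYPI_RELEASES, REPO_TAG_REFS, LAST_COMMIT).items():
        print(f"{version}: " + "; ".join(reasons))
```

Both signals are heuristics: a maintainer who tags late or releases from a private branch will trigger them too, so they are a prompt to look at the sdist/wheel contents and the uploader account, not proof of compromise on their own.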
vdupras 2 days ago

What a blast from the past. I created that library, what, more than a decade ago? How much simpler the world was back then. This was used by nobody except us for our little shitty use case. How noisy this project has become!
varunsharma07 2 days ago

Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor