PYPI Security Recap

### URL

https://twitter.com/di_codes/status/1610781657128108033

### When was this post released

4 January 2023

### Summary

> in 2022, the @pypi team removed >12,000 unique projects. each were instances of spam, typosquatting, dependency confusion, exfiltration and/or malware.
>
> 2022: ~12K (mostly malware)
> 2021: ~27K (mostly dep confusion)
> 2020: ~500
> 2019: 65
> 2018: 137
> 2017: 38

Ingram Brings up that most of the work has been handled by Himself, The Ee Durbin the Director of Infrastructure. Ingram calls for more support to provide PyPI with a paid staff.

Ingram also acknowledges that much of the detection of these attacks are with the help and support from security and observability companies like [@sonatype](https://twitter.com/sonatype), [@Phylum_IO](https://twitter.com/Phylum_IO), [@Checkmarx](https://twitter.com/Checkmarx), [@jfrog](https://twitter.com/jfrog), [@datadoghq](https://twitter.com/datadoghq), [@nao_sec](https://twitter.com/nao_sec), [@loginsoft_inc](https://twitter.com/Loginsoft_Inc), [@checkpointsw](https://twitter.com/CheckPointSW), [@theopenssf(https://twitter.com/theopenssf) and some others.

### Code of Conduct

- [ ] I would like my name mentioned on the podcast
- [X] I agree to follow this project's Code of Conduct

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PYPI Security Recap #102

URL

When was this post released

Summary

Code of Conduct

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

PYPI Security Recap #102

Description

URL

When was this post released

Summary

Code of Conduct

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions