Discover similar Python packages using Jaccard similarity on shared dependencies #pypdepsim #Python #JaccardSimilarity #GóiPythonTươngTự #TìmKiếmGóiMới #CôngCụLậpTrình #PythonPackages #SimilarPackages #JaccardSimilarityAlgorithm
PyOCI – Publish and install private Python packages using OCI/Docker registries
https://github.com/AllexVeldman/pyoci
#HackerNews #PyOCI #PythonPackages #OCI #DockerRegistry #OpenSource #SoftwareDevelopment
Key Points:
➡️ "pip show" command displays package metadata, including dependencies.
➡️ "pip freeze" lists all installed packages and their versions.
➡️ Check "requirements.txt" for project dependencies.
➡️ "pipdeptree" visualizes the dependency tree.
➡️ Use virtual environments to manage dependencies in isolation.
https://sqlpey.com/python/top-5-methods-to-list-package-dependencies-using-pip
#Python #Dependencies #Pip #Programming #PythonPackages #pipdeptree
Cybercriminals Abusing Stack Overflow to Distribute Malware
Date: May 30, 2024
CVE: Not specified
Vulnerability Type: Social Engineering, Malware Distribution
CWE: [[CWE-494]], [[CWE-434]], [[CWE-22]]
Sources: BleepingComputer
Synopsis
Cybercriminals are exploiting Stack Overflow to distribute malware by posing as helpful users and promoting malicious packages as solutions to programming queries.
Issue Summary
Cybercriminals are posing as users on Stack Overflow to answer questions with solutions that involve installing a malicious PyPI package named 'pytoileur'. This package, part of the "Cool package" campaign, targets Windows users by installing information-stealing malware.
Technical Key Findings
The malicious package 'pytoileur' includes a setup script that contains an obfuscated Base64 encoded command. This command, when decoded, downloads and executes a malware executable disguised as 'runtime.exe'. This malware is designed to steal sensitive information like cookies, passwords, browser history, and other data from web browsers.
Vulnerable Products
Impact Assessment
The malware can steal a wide range of personal and sensitive data, including login credentials, financial information, and personal documents. This data can be sold on dark web markets or used for further cyberattacks.
Patches or Workaround
Developers should always verify the authenticity of packages before installation and inspect the code for any obfuscated or unusual commands. No specific patches are provided, but vigilance in package verification is crucial.
Tags
#Malware #PyPi #Windows #StackOverflow #InformationStealer #Cybersecurity #SocialEngineering #SoftwareDevelopment #PythonPackages
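The inspection step recommended in the advisory above can be partly automated. The following is an added example, not part of the original post: it parses a setup script without executing it and reports string literals that decode as Base64 text, plus calls that run code or commands. The call-name list, the length threshold and the sample script are assumptions constructed for illustration.

```python
import ast
import base64
import re

# Assumed heuristics, not taken from the advisory: call names that run code or
# commands, and a minimum literal length worth decoding.
EXEC_CALLS = {"exec", "eval", "system", "popen", "Popen", "run", "call", "check_output"}
B64_RE = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")


def decode_b64(text):
    """Return the decoded text if `text` is Base64 of readable UTF-8, else None."""
    if len(text) % 4 or not B64_RE.match(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return decoded if all(c.isprintable() or c.isspace() for c in decoded) else None


def scan_setup_source(source):
    """Return sorted (line, kind, detail) findings; the source is parsed, never run."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if name in EXEC_CALLS:
                findings.append((node.lineno, "exec-call", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = decode_b64(node.value.strip())
            if decoded is not None:
                findings.append((node.lineno, "base64-literal", decoded))
    return sorted(findings)


# Constructed sample: a benign stand-in for an obfuscated setup script. The
# encoded text is only an echo command, built here so nothing harmful is present.
PAYLOAD = base64.b64encode(b"echo constructed-sample-command").decode()
SAMPLE_SETUP = (
    "import base64, os\n"
    "from setuptools import setup\n"
    f"os.system(base64.b64decode('{PAYLOAD}').decode())\n"
    "setup(name='example-pkg', version='0.0.1')\n"
)

if __name__ == "__main__":
    for line, kind, detail in scan_setup_source(SAMPLE_SETUP):
        print(f"line {line}: {kind}: {detail}")
```

A finding is a prompt for manual review of the source distribution, not a verdict; legitimate build scripts also call `subprocess` functions.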
🎉🎊 The results are in! 🎉🎊
Hey Pythonistas! 🐍
We conducted a poll on your favorite Python packages! 🗳 Here's what you all chose
Thank you to everyone who participated! 🙌 Keep coding, and may your packages always import smoothly! 🚀✨
#PythonPackages #Python #PyConIndia2024
It was a close competition. Here are some of the other packages you liked:
FastAPI
plotly
Qiskit
modin
TensorFlow
pytest
sqlalchemy
flask
IDK how I can be this late to realise there's 'pipx' for Python package management, which is better than the old way of managing Python packages, 'pip'. I found it really nice that 'pipx' has a feature that allows you to run a specific package to try it out before installing it. How come I'm only realizing 'pipx' exists just now 🤯, like I have been living under a rock for years. 😅 🙄