I made a thing, a soundscape based on #PyPI package data feed updates
Maybe you'll enjoy it too?
https://miketheman.github.io/listen-to-pypi/
Beep, Beep - I am your friendly #Snakemake release announcement bot.
There is a new release of the Snakemake Executor Plugin for SLURM systems. Its version now is 2.6.1!
Give us some time, and you will automatically find the plugin on #Bioconda and #Pypi.
This plugin is relevant for #HPC users using the #SLURM batch system.
The maintainers are here on Mastodon -
@rupdecat and @johanneskoester.
If you discover any issues, please report them on https://github.com/snakemake/snakemake-executor-plugin-slurm/issues.
See https://github.com/snakemake/snakemake-executor-plugin-slurm/releases/tag/v2.6.1 for details. Here is the header of the changelog:
Release Notes (possibly abridged):
Bug Fixes
* code refactoring: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/451
* handle integer slurm_account values from YAML parsing: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/448
The PSF is looking for a PyPI Sustainability Engineer to join the team! This is a full-time, 1-year contract (with the possibility of renewal), globally remote position. If you love #Python, care about open source, and want your work to matter at infrastructure scale - consider applying! Please boost this post and share with your colleagues and networks. #PyPI #Python
https://pythonsoftwarefoundation.applytojob.com/apply/xz5k3X31UQ/Sustainability-Engineer-PyPI
This website accuses common libraries of being hit by malware attacks without substantiating evidence.
Couldn't find reports of #orjson being hijacked, just this website's assertion.
The same website calls my apps vulnerable and malicious, also, doesn't exactly say why.
Publishing #Python packages to #PyPI using a trusted publisher is a nice move, but I hope there will be more official trusted publishers in the near future.
https://406.ch/writing/switching-all-of-my-python-packages-to-pypi-trusted-publishing/
Fake recruiter campaign targets crypto developers with RAT
A sophisticated fake recruitment campaign named 'graphalgo' has been active since May 2025, targeting JavaScript and Python developers in the cryptocurrency sector. Attackers approach victims through LinkedIn, Facebook, and Reddit with fabricated job opportunities from fake blockchain companies like Veltrix Capital. The campaign uses malicious dependencies hidden in npm and PyPI packages, delivered through coding test repositories on GitHub. Notable is the bigmathutils package that accumulated over 10,000 downloads before its malicious version was released. The operation deploys a remote access trojan (RAT) with token-protected C2 communication, file manipulation capabilities, and functionality to detect the Metamask browser extension, indicating focus on cryptocurrency theft. The modular campaign design allows threat actors to maintain backend infrastructure while easily replacing compromised frontend elements.
Pulse ID: 69dd073f50edefa3e44adec6
Pulse Link: https://otx.alienvault.com/pulse/69dd073f50edefa3e44adec6
Pulse Author: AlienVault
Created: 2026-04-13 15:09:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CyberSecurity #Facebook #GitHub #InfoSec #Java #JavaScript #LinkedIn #NPM #OTX #OpenThreatExchange #PyPI #Python #RAT #RemoteAccessTrojan #Trojan #bot #cryptocurrency #developers #AlienVault
The job interview as a weapon: Lazarus Group and the Graphalgo campaign against crypto developers
Since May 2025, Lazarus Group has been running the Graphalgo campaign: 192 malicious npm and PyPI packages distributed through fake technical job interviews for blockchain developers. The three-stage malware directly targets MetaMask wallets. A cyber-espionage and crypto-theft operation with a North Korean signature that is still active.
A couple of links with tips to help with supply chain security:
* https://github.com/lirantal/npm-security-best-practices
* https://bernat.tech/posts/securing-python-supply-chain/
#python #javascript #pypi #npm #security #infosec #supplychain