Python Packages security


I was wondering what kind of security measures are being taken by individuals to make sure that they are not downloading any malicious package from PyPI etc.?

Since anybody can upload a package to it and there are no security checks or preventative measures taken by PyPI itself.

  1. Audit the code before installing it and only install packages from reputable developers.
  2. Read Python Security doc on Packages and PyPi.
  3. You may want to use the Safety package 🙂
  4. You may want to use the Bandit package 🙂
  5. Use PyUP service to scan dependencies for vulnerabilities.
  6. Check this list of Insecure Python Packages.
  7. And the good news: the Python Software Foundation has revealed that work will begin in December to add “advanced security features” to the core Python Package Index (PyPI).
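A minimal version of the dependency scan that points 3 and 5 describe (tools like Safety and PyUP compare your pinned versions against a vulnerability database), written as an added example that is not code from this thread or from those projects. The advisory list, the advisory ids and the requirements file are constructed for illustration; a real scan pulls its data from a maintained database.

```python
import re

# Constructed advisory data: package -> list of (affected specifier, advisory id).
# Specifiers use the common "<fixed" and ">=a,<b" forms; the ids are placeholders.
ADVISORIES = {
    "examplelib": [("<2.4.1", "ADVISORY-PLACEHOLDER-1")],
    "otherpkg": [(">=1.0,<1.3", "ADVISORY-PLACEHOLDER-2")],
}

# Constructed requirements file, as a team might pin it.
REQUIREMENTS = """\
# pinned dependencies
examplelib==2.3.0
otherpkg==1.4.0
loosepkg>=3.0
"""

def parse_version(text):
    """Turn '2.3.0' into (2, 3, 0) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def matches(version, specifier):
    """True if version satisfies every ','-joined clause of the specifier."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = re.fullmatch(r"(<=|>=|==|<|>)\s*([\d.]+)", clause.strip())
        assert m, f"unsupported specifier clause: {clause!r}"
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {"<": v < bound, "<=": v <= bound, "==": v == bound,
              ">": v > bound, ">=": v >= bound}[op]
        if not ok:
            return False
    return True

def check_requirements(req_text, advisories):
    """Return one (name, version, advisory) finding per vulnerable pin,
    plus a finding for every requirement that is not pinned with ==."""
    findings = []
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([\d.]+)", line)
        if not m:
            # Unpinned: the installed version is whatever the index serves
            # today, so it cannot be audited or reproduced. Flag it.
            findings.append((line, None, "not pinned with =="))
            continue
        name, version = m.group(1).lower(), m.group(2)
        for specifier, advisory in advisories.get(name, []):
            if matches(version, specifier):
                findings.append((name, version, advisory))
    return findings
```

Run `check_requirements(REQUIREMENTS, ADVISORIES)` to get the two findings for the sample file: the outdated `examplelib` pin and the unpinned `loosepkg` entry.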