Forking confusing: Vulnerable Rust crate exposes uv Python packager

A vulnerability in the popular Rust crate async-tar has affected the fast uv Python package manager, which uses a forked version that's now patched – but the most widely downloaded version remains ...
SD Times

ActiveState Launches Python Package Manager Index (PyPM Index)

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Bleeping Computer

New Python tool checks NPM packages for manifest confusion issues

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. Last week, a former ...

Python Software Foundation: Equal Opportunity More Important Than US Funding

The PSF forgoes potential funding because the requirements explicitly prohibit programs promoting equal opportunity under DEI ...
ZDNet

Malicious Python libraries targeting Linux servers removed from PyPI

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on ...