Mike Fiedler: There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects. TL,DR: Adopt Trusted Publishing 🔐🚀📦 blog.pypi.org/posts/2025-1...

See full post

Mike Fiedler miketheman.com
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects. TL,DR: Adopt Trusted Publishing 🔐🚀📦 blog.pypi.org/posts/2025-1...
PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats - The Python Package Index Blog

Shai-Hulud is a great worm, not yet a snake. Attack on npm ecosystem may have implications for PyPI.

blog.pypi.org
Nov 26, 2025 21:02
0 reposts 0 quotes 0 likes

View on Bluesky Show all post labels

An unhandled error has occurred. Reload 🗙