Articles tagged pypi on devtake.dev.https://devtake.dev/en-ushttps://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/https://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.Sat, 02 May 2026 09:00:00 GMTsecuritypytorch-lightningpypisupply-chainmini-shai-huludcredential-theftpythonmlsecurityluca-reinhardthttps://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/https://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.Tue, 28 Apr 2026 16:30:00 GMTsecuritynpmsupply-chaincanisterwormsecuritynamastexteampcppypicredential-theftluca-reinhardthttps://devtake.dev/article/gpt-proxy-npm-supply-chain/https://devtake.dev/article/gpt-proxy-npm-supply-chain/Aikido found a stage-2 Go binary inside two health-check-themed packages that runs an OpenAI-compatible router routing Claude, GPT, and Gemini traffic through Chinese aggregators.Sat, 25 Apr 2026 07:30:00 GMTsecuritysupply-chainnpmpypiai-securitymalwarellmchinacredential-theftluca-reinhardt