Ma'ajiyar kunshin PyPI (Python Package Index) Python ta dakatar da yin rijistar sabbin masu amfani da ayyuka na ɗan lokaci. Dalilin shi ne karuwar ayyukan maharan da suka shirya buga fakiti tare da lambar ɓarna. An lura cewa tare da masu gudanarwa da yawa a lokacin hutu, adadin ayyukan mugunta da aka yiwa rajista a makon da ya gabata ya wuce ikon sauran ƙungiyar PyPI don amsawa da sauri. Masu haɓakawa suna shirin sake gina wasu hanyoyin tabbatarwa a ƙarshen mako, bayan haka za su dawo da yiwuwar yin rajista a cikin ma'ajiyar.
Dangane da tsarin sa ido kan malware na Sonatype, a cikin Maris 2023, an sami fakitin ɓarna 6933 a cikin kundin PyPI, kuma gabaɗaya, tun daga 2019, adadin fakitin ɓarna da aka gano ya wuce 115. A cikin Disamba 2022, harin da aka kai kan NuGet, NPM, da PyPI catalogs ya haifar da buga fakiti 144 na yaudara da lambar wasiƙa.
Yawancin fakiti suna jujjuya kansu a matsayin shahararrun ɗakunan karatu (a sanya sunayensu iri ɗaya waɗanda suka bambanta a cikin haruffa, da sauransu) na Python, da sauransu). typo ko bai lura da bambance-bambance a cikin sunan ba lokacin bincike. Ayyukan mugunta yawanci suna saukowa zuwa aika bayanan sirri da aka samo akan tsarin gida sakamakon ma'anar fayiloli na yau da kullun tare da kalmomin shiga, maɓallan shiga, walat ɗin crypto, alamu, kukis na zaman da sauran bayanan sirri.
source: budenet.ru