PyPI suspends registration of new users and projects because of malicious activity

The Python package repository PyPI (Python Package Index) has temporarily stopped registering new users and projects. The reason given is a surge in activity by attackers who have set up the publication of packages containing malicious code. It is noted that, because several administrators were on vacation, last week the volume of registered malicious projects exceeded the ability of the remaining PyPI team to respond promptly. The developers plan to rebuild some of the verification processes over the weekend and then resume registration in the repository.

According to Sonatype's malicious-activity monitoring system, 6933 malicious packages were found in the PyPI catalog in March 2023, and in total the number of malicious packages detected since 2019 has exceeded 115 thousand. In December 2022, an attack on the NuGet, NPM and PyPI catalogs resulted in the publication of 144 thousand packages containing phishing and spam code.

Most malicious packages are disguised as popular libraries by means of typosquatting (assigning similar names that differ in individual characters, for example exampl instead of example, djangoo instead of django, pyhton instead of python, and so on). The attackers count on inattentive users who make a typo or do not notice the difference in the name when searching. The malicious activity usually comes down to sending out confidential data found on the local system, located by identifying typical files that hold passwords, access keys, crypto wallets, tokens, session cookies and other confidential information.
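A defensive check for the typosquatting pattern described above, as an added example that is not part of the original article: it flags requested package names that are one edit or one adjacent-letter swap away from a trusted name. The trusted list, the sample requirements and the function names are constructed for illustration.

```python
import re

# Constructed allow-list for this example; in practice, build it from the
# dependencies your organisation has actually reviewed (e.g. lock files).
KNOWN_PACKAGES = ["django", "requests", "numpy", "python", "python-dateutil"]

def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'Django' and 'django' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1 ('pyhton' is 1 away from 'python')."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition: a[i-2:i] is b[j-2:j] reversed.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def typosquat_candidates(requested, known=KNOWN_PACKAGES, max_distance=1):
    """Return (requested_name, lookalike_of) pairs for names that are not on
    the known list but lie within max_distance edits of a name that is."""
    known_norm = {normalize(k) for k in known}
    findings = []
    for name in requested:
        n = normalize(name)
        if n in known_norm:
            continue  # exact match to a trusted name
        for k in sorted(known_norm):
            if osa_distance(n, k) <= max_distance:
                findings.append((name, k))
                break
    return findings

if __name__ == "__main__":
    # Constructed requirements list; 'reqeusts' is a made-up misspelling.
    reqs = ["Django", "djangoo", "pyhton", "reqeusts", "requests", "flask"]
    for name, target in typosquat_candidates(reqs):
        print(f"{name!r} looks like {target!r}: verify before installing")
```

Names that are unknown but not close to any trusted name (such as `flask` here) are not flagged, so the check complements an allow-list and does not replace one.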

Source: opennet.ru
