PyPI Suspends Registration of New Users and Projects Due to Malicious Activity

The Python package repository PyPI (Python Package Index) has temporarily suspended registration of new users and projects. The stated reason is a surge in activity by attackers who have begun publishing packages containing malicious code. It is noted that, because several administrators were on vacation, the volume of malicious projects registered last week exceeded the capacity of the remaining PyPI team to respond promptly. The developers plan to rework the verification processes over the weekend and then re-enable registration in the repository.

According to the malicious-activity monitoring system from Sonatype, 6933 malicious packages were found in the PyPI catalog in March 2023, and in total, since 2019, the number of malicious items detected has exceeded 115. In December 2022, as a result of an attack on the NuGet, NPM and PyPI catalogs, the publication of 144 packages containing phishing and spam code was recorded.

Most malicious packages are disguised as well-known libraries using typosquatting (assigning similar names that differ by individual characters, for example, djangoo instead of django, pyhton instead of python, and so on). Attackers count on inattentive users who make a typo or do not notice the difference in the name when searching. The malicious actions usually come down to sending out confidential data found on the local system, located by identifying typical files that contain passwords, access keys, crypto wallets, tokens, cookies and other confidential information.

Source: opennet.ru
