python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

Python packages upload your AWS keys, env vars, secrets to the web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

This Week in Malware—npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.

Trojanized PyPI Package Imitates a Popular Python Server Library

By Ax Sharma on February 27, 2022 vulnerabilities

7 minute read time

A trojanized PyPI component 'aiohttp-socks5' has been identified by Sonatype's automated malware detection system, imitating the real 'aiohttp-socks' lib.

OSS Index Contributor Asks: Where 'R' You?

2 minute read time

Dr. Colin Gillespie, co-author of the book, Efficient R Programming, talks about contributing to open source software projects and using OSS Index.

Observability Made Easy with Synthetic Monitoring

By Erik Dietrich on June 16, 2020 python

3 minute read time

A small number of apps disproportionately skewed aggregate metrics and sent false alarms. The solution was DIY synthetic monitoring using Python.

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

By Aditya Khanduri on February 20, 2020 Everything Open Source

6 minute read time

Jake, a free tool, identifies vulnerabilities in a Conda environment. It's simple to use, saves time, and empowers you to develop Python projects faster.

Proxy a Conda Repository Using Nexus Repo

By Sable Yemane on November 15, 2019 python

2 minute read time

Conda is popular with data scientists because they can take advantage of Python's flexibility while using existing C and Fortran models and libraries.

PyCharm and Nexus Repository Manager - A Match Made in Heaven

By Sable Yemane on May 01, 2019 Nexus Repository

3 minute read time

Great news for Python developers: Nexus Repository Manager (NXRM) now natively supports PyCharm; no extra configuration needed.