Pipguard – Catch .pth malware before pip install runs
The LiteLLM supply-chain attack via malicious .pth file made me realize how exposed pip install still is.
Pipguard is a lightweight, zero-config tool that scans packages before installation and blocks obvious malware patterns.
Tested it locally — it caught several red flags instantly.
https://pypi.org/project/pipguard/
Source: https://github.com/shenxianpeng/pipguard
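
The mechanism behind ".pth malware", as an added example (not Pipguard's code and not part of the original post): Python's `site` module runs `exec()` on any line of a site-packages `.pth` file that starts with `import` followed by a space or tab, so the code below lists those lines in a wheel before it is installed. The function names and the sample wheel are constructed for illustration.

```python
import io
import zipfile

# Constructed sample .pth body: one path entry and one harmless executable line.
SAMPLE_PTH = '# constructed sample\nsrc\nimport os; os.environ.setdefault("DEMO_PTH_RAN", "1")\n'


def executable_pth_lines(wheel_bytes):
    """Return (member, line_no, text) for each .pth line that site.py would exec().

    Over-approximates on purpose: every .pth member is checked, although only
    those that land directly in a site-packages directory are processed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for name in wheel.namelist():
            if not name.lower().endswith(".pth"):
                continue
            # utf-8-sig strips a leading BOM so it cannot hide a first-line import.
            text = wheel.read(name).decode("utf-8-sig", errors="replace")
            for line_no, line in enumerate(text.splitlines(), start=1):
                # site.py executes lines beginning with "import" + space/tab;
                # comments are skipped and other lines are only added to sys.path.
                if line.startswith(("import ", "import\t")):
                    findings.append((name, line_no, line.strip()))
    return findings


def build_sample_wheel(pth_body):
    """Constructed test input: an in-memory wheel-like zip holding one .pth file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("demo_pkg/__init__.py", "")
        archive.writestr("demo_pkg_init.pth", pth_body)
    return buf.getvalue()


if __name__ == "__main__":
    for member, line_no, text in executable_pth_lines(build_sample_wheel(SAMPLE_PTH)):
        print(f"{member}:{line_no}: runs at interpreter startup: {text}")
```

Some legitimate packages (editable installs, for example) also ship executable `.pth` lines, so a hit is a prompt to read the line, not proof of malice.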