
#pypi


⚠️ Python developers are being targeted by a sophisticated phishing scam! Attackers spoof PyPI with a fake site (pypj.org) to steal login credentials via "email verification" requests. Never click suspicious links; always verify by visiting PyPI.org directly! Stay safe 👉 techradar.com/pro/security/pyt #CyberSecurity #Phishing #PythonDev #PyPI #InfoSec 🐍🔒 #newz

TechRadar · Python devs targeted with dangerous phishing attacks - here's how to stay safe · By Sead Fadilpašić

Incident Report of the recent #PyPI Phishing Campaign

TL;DR:
• PyPI was not breached
• PyPI users were targeted with phishing emails
• A single project saw uploads with malicious code and those releases have been removed

blog.pypi.org/posts/2025-07-31

blog.pypi.org · PyPI Phishing Attack: Incident Report - The Python Package Index Blog · Follow-up on the recent phishing attack targeting PyPI users.

#cybersécurité #Python @pypi
A phishing attack is under way to steal the login credentials of people who have packages on #PyPI. The emails are sent with a small, discreet typo in the sender's email address: noreply@pypj.org (pypi -> pypj). Note that the platform itself has not been attacked.

- blog.pypi.org/posts/2025-07-28
- fosstodon.org/@ThePSF/11493149

blog.pypi.org · PyPI Users Email Phishing Attack - The Python Package Index Blog · PyPI Users are receiving emails detailing them to log in to a fake PyPI site.

Popular Python package num2words v0.5.15 was flagged as compromised after being published without a GitHub tag. Linked to the "Scavenger" threat actor, it was quickly removed from PyPI. Projects using automated tools may have already pulled the malicious version. Check and downgrade if needed.

stepsecurity.io/blog/supply-ch

www.stepsecurity.io · Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity · Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor

I just received a #Scam email from a #TypoSquatter. Sender: noreply@pypj.org

They're hoping I don't notice the typo for #PyPI (the #Python package index), and asking me to “follow this link to verify your email address”.

Don't follow the link, just mark the message as spam and delete it.

Be careful out there.

Beep, Beep - I am your friendly #Snakemake release announcement bot.

There is a new release of the Snakemake executor for #SLURM on #HPC systems. Its version now is 1.6.0!

Give us some time, and you will automatically find the plugin on #Bioconda and #Pypi.

If you want to discuss the release, you will find the maintainers here on Mastodon!
@rupdecat and @johanneskoester

If you discover any issues, please report them on github.com/snakemake/snakemake.

See github.com/snakemake/snakemake for details. Here is the header of the changelog:

Release Notes (possibly abridged):
Features

* added github action to label long pending issues as 'stale' (github.com/snakemake/snakemake) ([6d7c50a](github.com/snakemake/snakemake))
* treat sbatch errors as job errors instead of workflow errors (github.com/snakemake/snakemake) ([5e38507](github.com/snakemake/snakemake))
* using the current version of the announcement bot for Mastodon (github.com/snakemake/snakemake) ([03e0e24](github.com/snakemake/snakemake))

Bug Fixes

* allow unse...

A Snakemake executor plugin for submitting jobs to a SLURM cluster - snakemake/snakemake-executor-plugin-slurm

After some refactoring, learning about `hatch`, moving more files around, and generally abusing `test.pypi.org`: I've uploaded `diceparse` to PyPI. Still need to update the web documentation, but it now feels like a proper project at this point.

I still need to add a CLI part so you can just roll dice after installing the package, but I'll handle that later. Also need to tweak the README.md a bit as well...

I was annoyed that there is no "expand_grid()" function in :python: #Python as in :rstats: #RStats #tidyverse

So I just published a small package on #PyPI !

Introducing polarsgrid
pypi.org/project/polarsgrid/

Using the excellent #polars 🐻‍❄️ package, easily create a table with product of factors:

from polarsgrid import expand_grid
expand_grid(a=[1, 2, 3], b=["x", "y"])

Yields all combinations of its inputs as a #DataFrame

It can also produce a #LazyFrame for streaming extra-big tables to disk


Just published version 1.16.6 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant encounter with such a creature. Includes a (kind of janky) #YARA rule for #GIFTEDCROOK infostealer PDFs.

* Github: github.com/michelcrypt4d4mus/p
* Pypi: pypi.org/project/pdfalyzer/
* Homebrew: formulae.brew.sh/formula/pdfal

#pypi #python #pdf

And so we have another reason not to use #PythonPoetry. They have just reinvented "reproducible build", and it turned out the way it usually does. They completely missed the whole point of the idea and started forcing timestamps on the files in source archives. On top of that, when SOURCE_DATE_EPOCH is not set, instead of disabling the feature, they force a zero timestamp.

So all the sdist archives created by Poetry and uploaded to #PyPI today carry dates from the year 1970, which causes random problems. And the most absurd part is that ZIP does not support such dates, so when they create binary wheel archives, they overwrite this date with another random date 🤦.

github.com/python-poetry/poetr

GitHub · Poetry v2 attaches the epoch timestamp to all files in the sdist .tar.gz file · Issue #10083 · python-poetry/poetry · By pronovic

I enjoyed writing my first blog post last weekend, so I thought I'd write another one. This one is about a #bash script that became a #Python script and is now a package. All because I was too lazy to label plates and tubes in the lab by hand. The post is mostly about the history and motivation behind the package, i.e. the stuff that doesn't really fit into the README.

gl-eb.me/blog/posts/2025-05-25

Gleb Ebert · Generating Printable Labels – Gleb Ebert
#quarto #foss #Pypi

#Python #Wikipedia library on #PyPi is currently broken. I was gonna do a crawl with it starting with "Earth" and then getting all pages linked from there and all from those, etc.

Unfortunately, "Earth" returns the page for "Death" instead. Every single time.

The next thing I tried I forget but it failed entirely. But Earth maps to Death in the library always right now.

#Wikipedia-api library works though.