TIL that Python’s pip is not curated, and anybody can publish code (malicious or otherwise).


Is this common knowledge? I've been using Python for years, trusting pip the same way I do apt or other package managers. I didn't realize this was uncurated in such a way. I feel kind of dumb tbh.

Anybody else have similar experience?

submitted by /u/gnulynnux