TIL that Python’s pip is not curated, and anybody can publish code (malicious or otherwise).

Is this common knowledge? I've been using Python for years, trusting pip the same way I do apt or other package managers. I didn't realize this was uncurated in such a way. I feel kind of dumb tbh.

Anybody else have similar experience?

submitted by /u/gnulynnux