News
Nir Cohen describes Wagon, which takes Python wheels, packages them together, adds metadata, and allows for offline extraction and installation.
Multiple open source software packages on the Python Package Index (PyPI) repository were found to be malicious, likely compromising thousands of devices, experts have warned.
A recently spotted supply chain attack abused an old but legitimate Python package to deliver a malicious payload. Read more on how the attacker managed to do it and how to protect yourself from it.
Python Development Master taps new features in Python to manage a project’s packages without the overhead imposed by a virtual environment.
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
Security firm Checkmarx found that one in three software packages from PyPI contains a flaw that can lead to malicious code being automatically installed. Many software packages from the Python ...
All-in-one Python project management tool written in Rust aims to replace pip, venv, and more. Here's a first look.