Phylum Detects Suspicious Publications Surrounding Popular Python Package Flask

On the morning of May 10, 2023, Phylum’s automated risk detection platform flagged a series of publications surrounding the popular Flask package on PyPI. After reaching out to the author, we discovered that they were
