Discord Contact
Modern Python Build Hooks

Modern Python Build Hooks

Phylum Insights and Resources
Arbitrary code execution is possible with build hooks offered by modern Python package installers when building modern PEP-518 pyproject.toml projects.
Charles Coggins 14 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Subscribe to our research

Keep up with the latest software supply chain attacks

⏲Please hold while we check our collection.

Something's gone wrong. Please try again.

Success! Check your inbox for our email.

Devious Python Build Requirements

Devious Python Build Requirements

Build requirements in Python source distributions allow attackers to execute arbitrary code in an isolated build environment that is automatically deleted after use....
Charles Coggins 11 min read
Python Trojan Functions and Imports

Python Trojan Functions and Imports

Learn basic techniques attackers use to create malicious packages with trojan features found in attacks, including typosquatting, starjacking, dependency confusion, and lockfile injection....
Charles Coggins 3 min read
Python Package Spoofing

Python Package Spoofing

Find out how easy it is for threat actors to spoof legitimate Python packages as the foundation of their attacks on the software supply chain....
Charles Coggins 6 min read