Package managers be like - eviltoast

Sorry Python but it is what it is.

    • Redscare867@lemmy.ml
      link
      fedilink
      English
      arrow-up
      23
      ·
      1 year ago

      Maybe I’m misremembering, but didn’t pip have it’s own security concerns earlier this year?

        • fragment@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

          For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package name C to the public PyPI then suddenly I’m not installing my private package anymore.

          • _stranger_@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Yeah, I remember now. the name squatting was from people putting malicious packages under misspelled names of well known packages, like “requets” instead of requests.