« BackTell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromisedgithub.comSubmitted by dot_treo 8 hours ago
  • santiago-pl an hour ago

    It looks like Trivy was compromised at least five days ago. https://www.wiz.io/blog/trivy-compromised-teampcp-supply-cha...

    • Nayjest 23 minutes ago

      Use secure and minimalistic lm-proxy instead:

      https://github.com/Nayjest/lm-proxy

      ``` pip install lm-proxy ```

      Guys, sorry, as the author of a competing opensource product, I couldn’t resist

      • ajoy 42 minutes ago

        Reminded me of a similar story at openSSH, wonderfully documented in a "Veritasium" episode, which was just fascinating to watch/listen.

        https://www.youtube.com/watch?v=aoag03mSuXQ

        • ilusion 31 minutes ago

          Does this mean opencode (and other such agent harnesses that auto update) might also be compromised?

          • sudorm 15 minutes ago

            are there any timestamps available when the malicious versions were published on pypi? I can't find anything but that now the last "good" version was published on march 22.

            • sudorm 3 minutes ago

              according to articles the first malicious version was published at roughly 8:30 UTC and the pypi repo taken down at ~11:25 UTC.

            • Ayc0 29 minutes ago

              Exactly what I needed, thanks.

              • rgambee 7 hours ago

                Seems that the GitHub account of one of the maintainers has been fully compromised. They closed the GitHub issue for this problem. And all their personal repos have been edited to say "teampcp owns BerriAI". Here's one example: https://github.com/krrishdholakia/blackjack_python/commit/8f...

                • somehnguy an hour ago

                  Perhaps I'm missing something obvious - but what's up with the comments on the reported issue?

                  Hundreds of downvoted comments like "Worked like a charm, much appreciated.", "Thanks, that helped!", and "Great explanation, thanks for sharing."

                  • kamikazechaser an hour ago

                    Compromised accounts. The malware targeted ~/.git-credentials.

                  • homanp 6 hours ago

                    How were they compromised? Phishing?

                    • bfeynman 8 hours ago

                      pretty horrifying. I only use it as lightweight wrapper and will most likely move away from it entirely. Not worth the risk

                      • dot_treo 7 hours ago

                        Even just having an import statement for it is enough to trigger the malware in 1.82.8.