Every developer who runs pip install is potentially downloading a Trojan horse. We trust that packages from PyPI are safe, but that trust is increasingly misplaced.

The current security model relies on developers noticing something wrong and reporting it. That works for obvious compromises, but sophisticated actors like TeamPCP are getting better at hiding their tracks. Steganography in audio files is a perfect example—how many developers are going to think to check the WAV files bundled with a Python package?

The fix is straightforward if you were affected: pin to telnyx==4.87.0, rotate any credentials that might have been exposed, and audit your systems for the persistent malware. But that's reactive. The real question is how we prevent this from happening repeatedly.

Some in the security community are calling for mandatory code signing for PyPI packages. Others want automated sandboxed testing of packages before they're published. Both approaches would help, but they also add friction to the development process that many in the Python community resist.

The challenge is balancing security with the open, frictionless culture that made Python so popular. Developers like being able to publish packages instantly. They like the low barrier to entry. Adding security gates feels antithetical to that culture.

But the alternative is what we're seeing now: sophisticated threat actors targeting the supply chain because it's effective. Compromise one package that thousands of companies depend on, and you've got access to potentially thousands of targets.

TeamPCP has now successfully compromised two major packages in as many weeks. They're using the same RSA key and exfiltration patterns, which suggests they're confident they won't get caught. And honestly, they're probably right—attribution for this kind of attack is difficult, and even when you identify the actors, prosecution is nearly impossible if they're outside US jurisdiction.

The Python community needs to have an honest conversation about supply chain security. The current model isn't working. Packages are getting compromised, developers are getting infected, and the infrastructure to prevent or quickly detect these attacks doesn't exist.

If you're running Python in production, now would be a good time to audit your dependencies and implement some kind of package integrity monitoring. Because TeamPCP isn't stopping, and they're clearly getting more sophisticated.

The technology they're using is impressive, in a scary way. The question is whether the Python ecosystem can get its security house in order before supply chain attacks become the norm rather than the exception.

Japan's Physical AI Robots Are Filling Jobs Nobody Wants

2 days ago