Advisories for Pypi/Safety package

2020

Malicious package may avoid detection in python auditing

Python Auditing Vulnerability: demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety. Tools designed to find vulnerable packages cannot safely run in the same Python environment they are trying to protect, because any package installed in that environment can execute code when the interpreter starts and tamper with the tool's view of what is installed.

Usage: install safety, insecure-package, and this package with pip in the same Python environment. Order doesn't matter.

pip install safety
pip install insecure-package
pip install dist/malicious-0.1-py3-none-any.whl
…
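The check a practitioner wants after reading this advisory is a way to inventory an environment without executing anything from it. The following is an added example, not code from the advisory, the demo package, or the safety project. It assumes the poison pill is delivered through one of the standard load-time hooks (a `.pth` file with an `import` line, or a `sitecustomize`/`usercustomize` module); the advisory only says "load-time", so the exact mechanism the demo package uses is an assumption here. The helper `build_sample_env()`, the hook name `malicious_hook`, and the version numbers are constructed for the example. Run it from a separate, clean interpreter and point it at the target environment's site-packages: it reads `*.dist-info/METADATA` directly, so no code from the audited environment runs, and the resulting `name==version` lines can be fed to a vulnerability checker running in the clean environment.

```python
"""Inventory a Python environment without importing anything from it.

Added example (not part of the advisory or the safety project). Assumes the
load-time poison pill is a .pth import line or a sitecustomize module; the
advisory does not say which mechanism its demo package uses.
"""
from __future__ import annotations

import os
import sys
import tempfile
from importlib.metadata import distributions
from pathlib import Path


def list_packages(site_packages: str) -> list[str]:
    """Return sorted 'name==version' lines read from *.dist-info metadata.

    importlib.metadata only parses METADATA files here; nothing from the
    audited environment is imported or executed.
    """
    found = set()
    for dist in distributions(path=[site_packages]):
        name = dist.metadata["Name"]
        if name:
            found.add(f"{name}=={dist.version}")
    return sorted(found, key=str.lower)


def find_load_time_hooks(site_packages: str) -> list[str]:
    """Return descriptions of files that run code at interpreter start-up.

    site.addpackage() executes any .pth line that starts with 'import ' or
    'import\\t', and site.py imports sitecustomize/usercustomize if present.
    """
    hits = []
    base = Path(site_packages)
    for pth in sorted(base.glob("*.pth")):
        lines = pth.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            if line.startswith(("import ", "import\t")):
                hits.append(f"{pth.name}:{lineno}: {line.strip()}")
    for hook in ("sitecustomize.py", "usercustomize.py"):
        if (base / hook).exists():
            hits.append(f"{hook}: present")
    return hits


def build_sample_env() -> str:
    """Create a constructed site-packages directory for demonstration.

    Contents are invented for this example: two dist-info directories and a
    .pth file carrying a hypothetical 'import malicious_hook' line.
    """
    root = tempfile.mkdtemp(prefix="audit-demo-")
    dists = {
        "insecure_package-0.1.0.dist-info": ("insecure-package", "0.1.0"),
        "malicious-0.1.dist-info": ("malicious", "0.1"),
    }
    for dirname, (name, version) in dists.items():
        info = Path(root, dirname)
        info.mkdir()
        (info / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n"
        )
    # A .pth import line is executed by site.py every time the interpreter
    # starts in this environment: this is the load-time hook being hunted.
    Path(root, "malicious.pth").write_text("import malicious_hook\n")
    return root


if __name__ == "__main__":
    # Usage: python audit_env.py /path/to/venv/lib/pythonX.Y/site-packages
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_env()
    for hook in find_load_time_hooks(target):
        print(f"load-time hook: {hook}", file=sys.stderr)
    # These lines are what a checker in the clean environment should consume.
    print(os.linesep.join(list_packages(target)))
```

The inventory step deliberately avoids `pip freeze` run inside the target environment, since a poison pill that has already loaded can alter what that interpreter reports; reading metadata files from outside is the only view the malicious package cannot rewrite at load time.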