pip包供应链污染示例,需要自行完成pip账号注册
逻辑都在setup里面,打包后产生的文件在dist目录
打包和安装时都会执行内部逻辑,所以增加了一个本地文件检测,在打包时不执行逻辑
打包压缩: python3 setup.py sdist
上传包:twine upload dist/*
-
Notifications
You must be signed in to change notification settings - Fork 0
johnniesong/pip-taint
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
pip包供应链污染示例。Example of supply chain contamination in pip packages.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published