A researcher going by the handle mschwager on GitHub demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform code execution when the package is installed.

Have you ever wished you could edit Python packages installed locally without reinstalling them? Editable installs are the way.

Setting up uv and working with venvs There are a few different ways to install uv. A common and easy way to get started is to use pip to install uv into an underlying Python installation.

The attack, which started in May 2023 with "several" malicious packages uploaded to the Python Package Index (PyPI) official repository, was capable of impacting at least 100,000 GitHub ...