
Comment by what

2 days ago

Pinning doesn’t help you. They can replace the package and you’ll get the new one. You have to vendor the dependencies.

Would pinning the SHA package hash help? I am not too familiar with Python dependency management, so I'm not sure if this is supported.

I don't think pypi or npm allow replacing existing packages?

  • They absolutely do. In this case litellm 1.82.8 had been out for at least a week (can’t recall the exact date offhand). The compromised version was a replacement.

    • It actually wasn't. That was one of the reasons why I looked into what was changed. Even 1.82.6 is only at an RC release on github since just before the incident.

      So the fact that 1.82.7 and then 1.82.8 were released within an hour of each other was highly suspicious.

    • Ah, my mistake! Thanks for the correction.

      But I believe you can replace versions on both, nonetheless. It's a multi-step process: unpublish, then publish again. But the net effect is the same.

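Added example, not from any commenter in this thread, on the hash-pinning question raised above. pip has a hash-checking mode: with `pip install --require-hashes -r requirements.txt`, every requirement must carry one or more `--hash=sha256:<hex>` entries (you can produce them with `pip hash <file>`), and any downloaded artifact whose digest does not match is rejected. npm does the equivalent through the `integrity` field (an SRI string such as `sha512-<base64>`) in package-lock.json, which `npm ci` verifies. The script below reimplements that check over constructed stand-in artifacts to show what it buys you: if a version is unpublished and republished with different bytes, the pinned version string still matches but the pinned digest does not, so the install fails. The package name `examplepkg`, the artifact bytes and the lockfile values are all constructed here for illustration.

```python
"""Verify a package artifact against a pinned content hash, in the style of
pip's --require-hashes mode and npm's lockfile integrity check.

Added example; not code from pip, npm, or anyone in the thread. The artifacts
and the pin values are constructed inline so the script runs offline.
"""
import base64
import hashlib
import hmac
import re

# pip requirement line syntax: name==version --hash=<alg>:<hex> [--hash=...]
_PIP_HASH = re.compile(r"--hash=(?P<alg>sha256|sha384|sha512):(?P<digest>[0-9a-fA-F]+)")
# npm Subresource Integrity syntax: "<alg>-<base64>"
_SRI = re.compile(r"^(?P<alg>sha256|sha384|sha512)-(?P<digest>[A-Za-z0-9+/]+=*)$")


def parse_pip_hashes(line: str) -> list:
    """Return [(algorithm, raw digest bytes), ...] from one requirements.txt line."""
    return [(m["alg"], bytes.fromhex(m["digest"])) for m in _PIP_HASH.finditer(line)]


def parse_sri(integrity: str) -> tuple:
    """Parse an npm lockfile integrity value such as 'sha512-<base64>'."""
    m = _SRI.match(integrity)
    if not m:
        raise ValueError("malformed integrity value: %r" % integrity)
    return m["alg"], base64.b64decode(m["digest"])


def artifact_matches(data: bytes, pins: list) -> bool:
    """True if the artifact's digest equals ANY pinned digest.

    pip semantics: a requirement may list several --hash entries (one per wheel
    of the same version); matching any of them is enough. A requirement with no
    hash at all is refused outright in --require-hashes mode.
    """
    if not pins:
        return False
    for alg, expected in pins:
        actual = hashlib.new(alg, data).digest()
        # constant-time compare; different lengths simply compare unequal
        if hmac.compare_digest(actual, expected):
            return True
    return False


# Constructed stand-ins: the artifact reviewed and pinned first, and the one
# that later replaced it under the same version number.
ORIGINAL_WHEEL = b"PK\x03\x04 examplepkg-1.2.3 (constructed original wheel)"
REPLACED_WHEEL = b"PK\x03\x04 examplepkg-1.2.3 (constructed replacement wheel)"
ORIGINAL_TARBALL = b"\x1f\x8b examplepkg-1.2.3.tgz (constructed original tarball)"
REPLACED_TARBALL = b"\x1f\x8b examplepkg-1.2.3.tgz (constructed replacement tarball)"

# Pins recorded when the ORIGINAL artifacts were reviewed. In real use these
# come from `pip hash <wheel>` output and from package-lock.json; here they are
# derived from the constructed originals so the example is self-contained.
PIP_REQUIREMENT = (
    "examplepkg==1.2.3 --hash=sha256:" + hashlib.sha256(ORIGINAL_WHEEL).hexdigest()
)
NPM_INTEGRITY = "sha512-" + base64.b64encode(
    hashlib.sha512(ORIGINAL_TARBALL).digest()
).decode("ascii")


def check_pip(data: bytes, requirement_line: str = PIP_REQUIREMENT) -> bool:
    """What --require-hashes does per artifact: accept only if a pinned hash matches."""
    return artifact_matches(data, parse_pip_hashes(requirement_line))


def check_npm(data: bytes, integrity: str = NPM_INTEGRITY) -> bool:
    """What `npm ci` does per tarball: accept only if the SRI digest matches."""
    return artifact_matches(data, [parse_sri(integrity)])


if __name__ == "__main__":
    print("pip: original wheel accepted   ->", check_pip(ORIGINAL_WHEEL))
    print("pip: replaced wheel accepted   ->", check_pip(REPLACED_WHEEL))
    print("pip: unhashed pin accepted     ->", check_pip(ORIGINAL_WHEEL, "examplepkg==1.2.3"))
    print("npm: original tarball accepted ->", check_npm(ORIGINAL_TARBALL))
    print("npm: replaced tarball accepted ->", check_npm(REPLACED_TARBALL))
```

The third pip case is the point of hash mode: a bare `examplepkg==1.2.3` pin is refused, because a version string alone says nothing about the bytes behind it. Vendoring still protects against the index disappearing or rate-limiting you, but for the "same version, different contents" scenario a pinned digest is enough to make the install fail loudly instead of silently pulling the replacement.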