#319: Typosquatting and Supply Chains Vulnerabilities
Talk Python To Me, 6 June 2021

One of the true superpowers of Python is the libraries over at the Python Package Index. They are all just a "pip install" away. Yet, like all code you run on your system, installing them requires some degree of trust. How do we know that all of those useful packages are trustworthy? That's the topic of this episode. Bentz Tozer and John Speed Meyers are here to share their research into typosquatting on PyPI and other sneaky deeds. But we also discuss some potential solutions and fixes.

Episodes (544)

#545: OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 just got a fresh update, and there are some big changes: supply chain attacks, exceptional condition handling, and more. Tanya Janca is back on Talk Python to walk us through every si...

16 April, 1h 6min

#544: Wheel Next + Packaging PEPs

When you pip install a package with compiled code, the wheel you get is built for CPU features from 2009. Want newer optimizations like AVX2? Your installer has no way to ask for them. GPU support? Yo...

10 April, 1h 11min

#543: Deep Agents: LangChain's SDK for Agents That Plan and Delegate

When you type a question into ChatGPT, the model only has what you typed to work with. But tools like Claude Code can plan, iterate, test, and recover from mistakes. They work more like we do. The dif...

1 April, 1h 3min

#542: Zensical - a modern static site generator

If you've built documentation in the Python ecosystem, chances are you've used Martin Donath's work. His Material for MKDocs powers docs for FastAPI, uv, AWS, OpenAI, and tens of thousands of other pr...

25 March, 1h 4min

#541: Monty - Python in Rust for AI

When LLMs write code to accomplish a task, that code has to actually run somewhere. And right now, the options aren't great. Spin up a sandboxed container and you're paying a full second of cold start...

19 March, 1h 5min

#540: Modern Python monorepo with uv and prek

Monorepos -- you've heard the talks, you've read the blog posts, maybe you've seen a few tantalizing glimpses into how Google or Meta organize their massive codebases. But it's often in the abstract a...

13 March, 1h 2min

#539: Catching up with the Python Typing Council

You're adding type hints to your Python code, your editor is happy, autocomplete is working great. But then you switch tools and suddenly there are red squiggles everywhere. Who decides what a float a...

6 March, 1h 1min

#538: Python in Digital Humanities

Digital humanities sounds niche, until you realize it can mean a searchable archive of U.S. amendment proposals, Irish folklore, or pigment science in ancient art. Today I’m talking with David Flood f...

28 February, 1h 12min