Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
InfoWorld

How to use editable installs for Python packages

When you install Python packages into a given instance of Python, the default behavior is for the package’s files to be copied into the target installation. But sometimes you don’t want to copy the ...
Computer Weekly

Open source security and sustainability remain unsolved problem

While software bills of materials offer some transparency over software components, they don’t solve the imbalance between ...
InfoWorld

Pyrefly and Ty: Two new Rust-powered Python type-checking tools compared

What is most striking about Python’s latest wave of third-party tooling is that they aren’t written in Python. Instead, many of the newer tools for project management, code formatting, and now type ...