PyPI Malware Observation Report Outcomes - Private Preview


I recently shared a bit about how malware reporting for PyPI projects has evolved.

Questions folks have often asked are “what happens after our report is submitted?” and “can we learn about other packages that have been taken down that we didn’t report?”

As part of the continued evolution in protecting PyPI and its community, we’re opening up a private preview in which we will work with participants to evolve our malware reporting capabilities and better serve the community as a whole.

If you are a security squad, interested individual, malware masher, or something in between, register your interest by completing this form, and get an invite to the private GitHub repo to engage with us on this initiative.

See you there!