No, PyPI is an open repository; anyone can upload code. If we're informed of a malicious package, we'll remove it, but we can't make any claims to the security of individual packages.

Alex

On Thu, Feb 7, 2019 at 9:55 PM Prateek Mohta <prateek.mo...@equifax.com> wrote:

> Hey,
>
> I wanted to check if the packages available on Pypi.org are scanned for
> any security vulnerabilities or not, can you please confirm.
>
> My concern is how do you control if someone uploads a malicious code on
> Github
>
> Prateek Mohta
> Data Scientist, Data and Analytics
> Equifax Inc.

--
All that is necessary for evil to succeed is for good people to do nothing.
--
Distutils-SIG mailing list -- distutils-sig@python.org
To unsubscribe send an email to distutils-sig-le...@python.org
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/UYXFLV33RDFE4HHMLYK3A5AH7VNCUFGH/