No, PyPI is an open repository; anyone can upload code. If we're informed of a malicious package, we'll remove it, but we can't make any claims to the security of individual packages.

Alex

On Thu, Feb 7, 2019 at 9:55 PM Prateek Mohta <[email protected]> wrote:

> Hey,
>
> I wanted to check if the packages available on Pypi.org are scanned for
> any security vulnerabilities or not, can you please confirm.
>
> My concern is how do you control if someone uploads a malicious code on
> Github
>
> Prateek Mohta
> Data Scientist, Data and Analytics
> Equifax Inc.
>
> -----------------------------
> Python Security Response Team
> Unsubscribe:
> https://mail.python.org/mailman/options/psrt/alex.gaynor%40gmail.com

--
All that is necessary for evil to succeed is for good people to do nothing.

--
Distutils-SIG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/distutils-sig.python.org/
Message archived at https://mail.python.org/archives/list/[email protected]/message/UYXFLV33RDFE4HHMLYK3A5AH7VNCUFGH/
