Skip to content
/ piproxy Public

A proxy for pip that protects against name confusion attacks

License

Apache-2.0 license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VDOO-Connected-Trust/piproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
broken_wheel-1.0.0-py3-none-any.whl
broken_wheel-1.0.0-py3-none-any.whl
 
 
piproxy.py
piproxy.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

piproxy

A proxy for pip that protects against name confusion attacks

To use piproxy, first execute it as a background process:

python3 piproxy.py <private_repo_url_1> [<private_repo_url_2>] ... &

And then run pip as follows:

pip install -i localhost:8080 <package_name>

Disclaimer

This is proof-of-concept code related to our post on wheel-jacking.

The code is provided as-is and should be reviewed prior to usage in production environments.

About

A proxy for pip that protects against name confusion attacks

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages