LiteLLM PyPI compromised and Julia resilience to supply-chain attack

Hi everyone,
It was recently discovered that the litellm package (v1.82.8) was compromised with a malicious .pth file that could steal SSH keys, environment variables, and other credentials without requiring an explicit import. Anybody who has installed this package has likely been compromised and needs to respond accordingly.

I was wondering if the Julia package registry is doing anything to prevent similar issues? Someone here proposed that static analysis (to catch obfuscated code or leaked keys) could be used to automatically audit the code.

Best,
fdekerm
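For readers checking their own environments after reading the post above, here is an added example (not from the original post, and not the litellm payload) of why a malicious `.pth` file needs no explicit import: Python's `site` module reads every `.pth` file in a site-packages directory at interpreter startup, and any line that begins with `import ` (or `import` followed by a tab) is passed to `exec()`. The script below lists those executable lines in the site-packages directories of the running interpreter and flags ones matching a few heuristic patterns; the sample `.pth` text, the pattern list and the function names are constructed for this example.

```python
import re
import site
import sys
import sysconfig
from pathlib import Path

# site.py executes a .pth line only if it starts with "import " or "import\t";
# a comment line ("#"), a blank line, or an indented line is never executed.
EXEC_PREFIX = re.compile(r"^import[ \t]")

# Heuristic patterns for an analyst to review. These are assumptions chosen for
# this example, not indicators taken from the litellm incident.
SUSPICIOUS = [
    ("exec_or_eval", re.compile(r"\b(exec|eval)\s*\(")),
    ("base64_decode", re.compile(r"b64decode|base64\.")),
    ("network", re.compile(r"\b(urllib|requests|socket|http\.client)\b")),
    ("subprocess", re.compile(r"\bsubprocess\b|os\.system|os\.popen")),
    ("env_or_ssh", re.compile(r"os\.environ|\.ssh|id_rsa|id_ed25519")),
]


def classify_pth_line(line):
    """Return (is_executable, findings) for one .pth line, mirroring site.py's rules."""
    stripped = line.rstrip("\n")
    if not stripped.strip() or stripped.startswith("#"):
        return False, []
    if not EXEC_PREFIX.match(stripped):
        return False, []  # a path entry, not code
    findings = [name for name, rx in SUSPICIOUS if rx.search(stripped)]
    return True, findings


def scan_pth_text(text):
    """Return [(line_no, line, findings)] for every executable line in a .pth body."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        executable, findings = classify_pth_line(line)
        if executable:
            results.append((lineno, line, findings))
    return results


def site_dirs():
    """Directories site.py scans for .pth files in this interpreter."""
    dirs = set()
    getsitepackages = getattr(site, "getsitepackages", None)
    if getsitepackages:
        dirs.update(getsitepackages())
    dirs.add(site.getusersitepackages())
    paths = sysconfig.get_paths()
    dirs.update(p for k, p in paths.items() if k in ("purelib", "platlib"))
    return [Path(d) for d in dirs if Path(d).is_dir()]


def scan_environment():
    """Return {pth_path: [(line_no, line, findings)]} for .pth files with executable lines.
    Benign examples exist (setuptools' distutils-precedence.pth, editable installs),
    so every hit is a review item, not a verdict."""
    report = {}
    for d in site_dirs():
        for pth in sorted(d.glob("*.pth")):
            hits = scan_pth_text(pth.read_text(errors="replace"))
            if hits:
                report[str(pth)] = hits
    return report


# Constructed sample .pth content for demonstration only.
SAMPLE_PTH = """# constructed sample, not a real payload
/some/path/to/package
import os; os.environ.get('HOME')
import base64, subprocess; exec(base64.b64decode('aGVsbG8='))
    import sys
"""

if __name__ == "__main__":
    for path, hits in scan_environment().items():
        print(path)
        for lineno, line, findings in hits:
            tag = ", ".join(findings) if findings else "executable, no pattern hit"
            print(f"  line {lineno}: [{tag}] {line}")
    sys.exit(0)
```

Run it as `python -S scan_pth.py`: `-S` stops the interpreter from processing `.pth` files at startup, so the scanner reads them before anything in them has had a chance to run. Note that an indented `import` line is treated as a path entry by `site.py`, which is why the last line of the constructed sample is not reported.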