pipebreach.com

Tag

#pypi

Analysis

Tags Are Pointers. Pointers Move.

The structural gap between what a pipeline declares and what it executes, and what hash pinning actually fixes.

Daniel Malvaceda · Apr 16, 2026 · 14 min read

Incident Critical npm PyPI openvsix

TeamPCP Part II: Backdooring the AI Credentials Vault

TeamPCP's endgame: LiteLLM's PyPI wheel backdoored post-build, .pth system-wide persistence, and why AI gateways are a new class of supply chain target.

Daniel Malvaceda · Apr 1, 2026 · 27 min read