21CTO
Sep 5, 2024 · Information Security
Can Deleted PyPI Packages Be Hijacked? What It Means for Your CI/CD Security
JFrog’s security team reveals that attackers can hijack deleted PyPI packages by re‑registering the same name, tricking tools like Jenkins into installing malicious code, and outlines the scale of the risk, real‑world examples, and new defenses introduced by PyPI.
PyPI security · ci/cd · malware
