GitHub Repository

Detect supply chain attacks in Python dependencies. Catches .pth injection, encoding obfuscation, typosquatting, and compromised packages. Zero dependencies, runs in 2 seconds.

4 stars · Python

Pytest tests catching Python supply chain attacks (litellm .pth vector)

by qualitymax · Mar 26, 2026 · 2 points · 0 comments

AI Analysis

●● Solid · Dark Horse · Solve My Problem

Catches the .pth injection vector used in the litellm attack, which advisory-driven scanners such as Snyk and Dependabot miss until the compromised release has been reported to their vulnerability databases.

Strengths
  • Zero dependencies and 2-second runtime means it slots into any CI pipeline without bloat.
  • Seventeen targeted tests cover real attack patterns such as base64-encoded exfiltration and string-concatenation obfuscation.
  • Pytest integration means security checks run alongside existing test suites automatically.
Weaknesses
  • Only 2 stars and no release history suggest a very early project whose detection accuracy is unproven.
  • Enterprise teams already using Snyk or GitHub Advanced Security may not need a separate scanner.
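To make the two vectors named above concrete (the .pth mechanism from the litellm incident and the base64 / string-concatenation obfuscation the test suite targets), here is an added example written for this page. It is not the repository's own code and does not reproduce its seventeen tests; it assumes a site-packages layout, a constructed sample tree built in a temp directory, and a hand-picked allowlist (`KNOWN_BENIGN_PTH`) that a real deployment would extend after review.

```python
"""Heuristic checks for two vectors named on this page: code smuggled into
.pth files (site.py exec()s them at every interpreter start-up) and
base64 / string-concatenation obfuscation in package source.
Added example for illustration; not the scanner this page describes."""
import base64
import re
import sysconfig
import tempfile
from pathlib import Path

# site.py executes every .pth line that starts with "import " or "import\t".
# Bare module imports are a common, legitimate hook (e.g. "import _virtualenv"),
# so only import lines carrying extra statements or payload-like calls are flagged.
_BARE_IMPORT = re.compile(r"^import\s+[\w.]+(\s*,\s*[\w.]+)*\s*(#.*)?$")
_PAYLOAD = re.compile(
    r"exec\(|eval\(|compile\(|__import__|base64|codecs|subprocess|"
    r"os\.system|urllib|socket|\\x[0-9a-fA-F]{2}|getattr\("
)
# Assumption: hooks a reviewer has vetted by hand. setuptools ships
# distutils-precedence.pth, which uses exactly this "import ...;" mechanism.
KNOWN_BENIGN_PTH = {"distutils-precedence.pth"}

# Builtin names that obfuscated loaders typically reassemble piece by piece.
DANGEROUS_NAMES = {"exec", "eval", "__import__", "system", "popen", "getattr"}
_CONCAT = re.compile(r"""(?:['"][^'"\n]*['"]\s*\+\s*)+['"][^'"\n]*['"]""")
_LITERAL = re.compile(r"""['"]([^'"\n]*)['"]""")
_B64_EXEC = re.compile(r"(?:exec|eval)\s*\(\s*(?:base64\.)?b64decode\(")
_B64_BLOB = re.compile(r"""b64decode\(\s*[bru]?['"]([A-Za-z0-9+/=]{32,})['"]""")
_CHR_CHAIN = re.compile(r"(?:chr\(\d+\)\s*\+\s*){2,}chr\(\d+\)")


def suspicious_pth_lines(text: str) -> list[str]:
    """Lines of a .pth file that site.py would execute and that look like
    payloads rather than plain import hooks."""
    hits = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(("import ", "import\t")):
            continue  # path entries and comments are never executed
        if _BARE_IMPORT.match(line):
            continue  # "import foo": the legitimate hook form
        if ";" in line or _PAYLOAD.search(line):
            hits.append(line)
    return hits


def suspicious_source_findings(source: str) -> list[tuple[str, str]]:
    """(kind, snippet) pairs for obfuscation patterns in Python source."""
    findings = []
    for m in _B64_EXEC.finditer(source):
        findings.append(("exec-of-base64", m.group(0)))
    for m in _B64_BLOB.finditer(source):
        try:  # decode the literal and inspect what it hides
            hidden = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: bad padding/alphabet
            continue
        if _PAYLOAD.search(hidden) or "import" in hidden:
            findings.append(("base64-hides-code", hidden[:60]))
    for m in _CONCAT.finditer(source):
        joined = "".join(_LITERAL.findall(m.group(0)))
        if joined in DANGEROUS_NAMES:
            findings.append(("concat-builds-" + joined, m.group(0)))
    for m in _CHR_CHAIN.finditer(source):
        findings.append(("chr-chain", m.group(0)))
    return findings


def scan_site_packages(root: Path) -> list[tuple[str, str, str]]:
    """Walk a site-packages tree and return (relative path, kind, snippet)."""
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".pth" and path.name not in KNOWN_BENIGN_PTH:
            for line in suspicious_pth_lines(path.read_text(errors="replace")):
                findings.append((rel, "pth-exec", line))
        elif path.suffix == ".py":
            for kind, snippet in suspicious_source_findings(path.read_text(errors="replace")):
                findings.append((rel, kind, snippet))
    return findings


def build_demo_tree() -> Path:
    """Constructed sample site-packages (not real package contents): a benign
    virtualenv hook, a payload-carrying .pth and an obfuscated module."""
    root = Path(tempfile.mkdtemp(prefix="sp-demo-"))
    (root / "_virtualenv.pth").write_text("import _virtualenv\n")
    blob = base64.b64encode(b"import urllib.request as u;u.urlopen('http://127.0.0.1/')").decode()
    (root / "demo_payload.pth").write_text(
        f"/opt/demo/lib\nimport base64;exec(base64.b64decode('{blob}'))\n")
    pkg = root / "demo_pkg"
    pkg.mkdir()
    (pkg / "__init__.py").write_text(
        "import builtins\n"
        "_f = getattr(builtins, 'ex' + 'ec')\n"
        "_f(chr(105) + chr(109) + chr(112) + chr(111) + chr(114) + chr(116) + ' os')\n")
    return root


if __name__ == "__main__":
    for finding in scan_site_packages(build_demo_tree()):
        print(*finding, sep=" | ")
    live = Path(sysconfig.get_paths()["purelib"])  # this interpreter's site-packages
    for finding in scan_site_packages(live):
        print(*finding, sep=" | ")
```

Wired into pytest, the whole thing is one assertion, `assert scan_site_packages(Path(sysconfig.get_paths()["purelib"])) == []`, which fails the build with the offending path and line in the message. Expect the `;`-based rule to trip on legitimate multi-statement hooks (setuptools' is allowlisted above); the point is that every such hook is code running before your first line, so each one deserves a human look rather than a blanket exclusion.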
Target Audience

Python developers and security engineers

Similar To

Snyk · Dependabot · Safety

Similar Projects

AI/ML · ●●● Banger

ToolGuard – Pytest for AI agent tool calls

Finally, pytest for AI tool calls when evals only test intelligence.

Solve My Problem · Zero to One · by Heer_J · 123mo ago