LiteLLM PyPI Compromise Is Just the Beginning — How to Audit Your Python Dependencies Right Now

If you missed it: LiteLLM versions 1.82.7 and 1.82.8 on PyPI were compromised — malicious code was injected into one of the most popular LLM proxy packages.

This is the latest in a growing pattern. PyPI supply chain attacks have hit:

• event-stream (2018, 8M weekly downloads)
• ua-parser-js (2021, 7M weekly downloads)
• colors.js (2022, self-sabotage by maintainer)
• Ultralytics (2024, AI/ML package)
• LiteLLM (2026, this week)

The attack surface is growing because most Python projects don't audit their dependencies.

Check If You're Affected (30 Seconds)

pip show litellm 2>/dev/null && echo "INSTALLED — check version" || echo "Not installed"
pip show litellm 2>/dev/null | grep Version

If you see 1.82.7 or 1.82.8 — you need to act:

pip install litellm==1.82.6  # last known-good version

Audit ALL Your Dependencies (5 Minutes)

Here's a script that checks your entire environment against known vulnerabilities:

import subprocess
import json
import requests

def audit_packages():
    """Check all installed packages against NVD and PyPI advisories."""
    result = subprocess.run(["pip", "list", "--format=json"], capture_output=True, text=True)
    packages = json.loads(result.stdout)

    print(f"Checking {len(packages)} packages...\n")

    for pkg in packages:
        name = pkg["name"]
        version = pkg["version"]

        # Check PyPI for yanked versions
        try:
            resp = requests.get(f"https://pypi.org/pypi/{name}/{version}/json", timeout=5)
            if resp.status_code == 404:
                print(f"⚠️  {name}=={version} — VERSION NOT FOUND ON PYPI (possibly yanked!)")
            elif resp.status_code == 200:
                data = resp.json()
                if data.get("info", {}).get("yanked"):
                    print(f"🔴 {name}=={version} — YANKED! Reason: {data['info'].get('yanked_reason', 'unknown')}")
        except Exception:
            pass

    print("\nDone. Also run: pip audit (if installed)")

audit_packages()

3 Preventive Measures That Actually Work

1. Pin exact versions + use hash checking:

# requirements.txt
litellm==1.82.6 --hash=sha256:abc123...

2. Use pip audit (it's free):

pip install pip-audit
pip-audit  # checks all packages against OSV database

3. Monitor with the NVD API (free, no key):

import requests

def check_cve(package_name):
    url = f"https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch={package_name}"
    resp = requests.get(url)
    vulns = resp.json().get("vulnerabilities", [])
    print(f"{package_name}: {len(vulns)} known CVEs")
    for v in vulns[:3]:
        cve = v["cve"]
        severity = cve.get("metrics", {}).get("cvssMetricV31", [{}])[0].get("cvssData", {}).get("baseSeverity", "UNKNOWN")
        print(f"  {cve['id']} ({severity}): {cve['descriptions'][0]['value'][:60]}...")

check_cve("litellm")
check_cve("requests")
check_cve("django")

The Uncomfortable Truth

Most of us:

• pip install <package> without checking who published it
• Never review changelogs between minor versions
• Don't pin hashes
• Don't run pip audit in CI

And honestly? I was doing the same until I built these security tools.

What's Your Setup?

How do you audit your Python dependencies?

• Do you use pip-audit, safety, or something else?
• Do you pin hashes in production?
• Have you ever been hit by a supply chain attack?

I built a PyPI Supply Chain Checker and a NVD Vulnerability Scanner that automate this — curious what tools others are using.

This is actively developing — the LiteLLM maintainers have confirmed the compromise and are working on a fix.