A few months ago, I was doing something completely normal. I needed a small Python library. So, I did what every Python developer does:
pip install <package>
But before hitting enter I paused. Something felt off. The package name looked right... but also slightly wrong. And that moment made me realize something uncomfortable:
We trust PyPI packages far more than we should.
That realization led me to build trustcheck --- a tool that helps developers verify the trustworthiness of PyPI packages before installing them.
The uncomfortable truth about pip install
Installing dependencies is the most normal thing in software
development. But under the hood we are doing something pretty risky:
pip install something-from-the-internet
In many cases we don't check:
- who published the package
- whether the artifact matches the source repo
- whether the maintainer account was compromised
- whether the package name is a typo
- whether the release came from a trusted build system
And attackers know this.
Attack #1: The typo that steals your secrets
One of the simplest attacks is typosquatting. An attacker uploads a package with a name that looks almost identical to
a popular one.
Example:
| Real package | Malicious typo |
|---|---|
requests |
reqeusts |
urllib3 |
urlib3 |
tensorflow |
tensorlfow |
Developers type quickly. CI scripts copy‑paste dependencies. And suddenly a malicious package gets installed.
Real malicious PyPI packages have been caught doing things like:
- exfiltrating AWS credentials
- stealing SSH keys
- sending environment variables to remote servers
All triggered by a simple:
pip install reqeusts
Attack #2: Dependency confusion
This one is even sneakier.
Imagine a company has an internal package called:
internal-utils
An attacker uploads a public PyPI package with the same name. Then they give it a higher version number. If a developer runs:
pip install internal-utils
pip might install the malicious public package instead of the internal
one. This technique was used in large-scale research that successfully
injected packages into major companies.
Attack #3: The compromised maintainer
Sometimes the attack doesn't involve fake packages at all. Instead, the real maintainer account gets compromised. Then the attacker publishes a new version like:
package 2.4.1
Everything looks legitimate. Same project. Same PyPI page.
But the new release contains malicious code. This has happened multiple times across open-source ecosystems.
The problem: we rarely verify packages
The ecosystem is built on trust. But trust without verification is fragile.
Developers typically check:
- GitHub stars
- number of downloads
- README quality
But those signals do not guarantee that a specific release artifact is
trustworthy. That's the gap trustcheck tries to fill.
Introducing trustcheck
trustcheck is a Python CLI that evaluates the trust signals of PyPI
releases before installation. Instead of blindly installing a package, you can inspect it first. It analyzes signals like:
- PyPI release metadata
- provenance information
- Trusted Publisher hints
- repository links
- publisher consistency
- vulnerability records
The goal is simple:
Turn blind trust into evidence‑based trust.
Installation
pip install trustcheck
Basic usage
Check the trust signals for a package:
trustcheck inspect requests
Check a specific version:
trustcheck inspect sampleproject --version 4.0.0
Check dependencies too:
trustcheck inspect sampleproject --version 4.0.0 --with-deps
Or inspect the full dependency tree:
trustcheck inspect sampleproject --version 4.0.0 --with-transitive-deps
Enforcing repository expectations
You can also verify that a package actually comes from the repository
you expect.
trustcheck inspect sampleproject \
--version 4.0.0 \
--expected-repo https://github.com/pypa/sampleproject
If something doesn't match, trustcheck flags it.
This helps defend against:
- dependency confusion
- publisher drift
- repository mismatches
CI integration
trustcheck can output JSON for automation:
trustcheck inspect sampleproject --version 4.0.0 --format json
This makes it easy to integrate into:
- CI pipelines
- dependency review bots
- internal security tooling
A better dependency workflow
Instead of:
pip install random-package
A safer workflow looks like:
1️⃣ Inspect package trust with trustcheck
2️⃣ Install dependency
3️⃣ Scan for vulnerabilities with pip-audit
Small change. Much safer ecosystem.
Why this matters
Modern applications depend on hundreds of packages. A single malicious dependency can:
- leak secrets
- compromise builds
- inject backdoors
- affect thousands of downstream users
Supply chain security is becoming one of the most important areas in
software development. trustcheck is a small step toward bringing those ideas into everyday Python workflows.
Try it out
GitHub: https://github.com/Halfblood-Prince/trustcheck
PyPI: https://pypi.org/project/trustcheck/
Top comments (0)