Are PIP packages curated? Is it safe to install them?
Question:
With Debian or Ubuntu packages, there is some quality control. Is PIP similar, or is it a complete free-for-all? Can anyone upload any code they want under any name that they want?
There seem to be some junk packages like https://pypi.python.org/pypi/opencv/0.0.1 which has the same name as a very popular computer vision framework, for example.
Answers:
No, there are no third-party checks on the code that is uploaded to PyPI (the Python Package Index, which is where pip downloads packages unless explicitly instructed otherwise). The only restriction is that once a package name exists, only the maintainer(s) can upload packages with that name (i.e. you can’t submit a malicious upgrade to someone else’s package using the same name). It is up to the maintainer to ensure that whatever they make available on PyPI doesn’t contain malware, unless they intend for it to be malware, and it is up to each individual developer to be aware of what they are downloading using pip.
This has been exploited in a research project investigating “typosquatting”. The researcher uploaded some “simulation malware” (mostly harmless) to PyPI under names that were misspelled versions of popular package names, in order to collect data on how often these misspelled packages were installed. If a black-hat hacker had done the same thing, they could have used much more malicious code.
See also this Security Stack Exchange question on the same topic.
To add to the existing answer, 5 years later:
A piece of software that was downloaded 30,000 times from PyPI was in fact malware: It stole credit card numbers and login credentials and injected malicious code on infected machines.
With Debian or Ubuntu packages, there is some quality control. Is PIP similar, or is it a complete free-for-all? Can anyone upload any code they want under any name that they want?
There seem to be some junk packages like https://pypi.python.org/pypi/opencv/0.0.1 which has the same name as a very popular computer vision framework, for example.
No, there are no third-party checks on the code that is uploaded to PyPI (the Python Package Index, which is where pip downloads packages unless explicitly instructed otherwise). The only restriction is that once a package name exists, only the maintainer(s) can upload packages with that name (i.e. you can’t submit a malicious upgrade to someone else’s package using the same name). It is up to the maintainer to ensure that whatever they make available on PyPI doesn’t contain malware, unless they intend for it to be malware, and it is up to each individual developer to be aware of what they are downloading using pip.
This has been exploited in a research project investigating “typosquatting”. The researcher uploaded some “simulation malware” (mostly harmless) to PyPI under names that were misspelled versions of popular package names, in order to collect data on how often these misspelled packages were installed. If a black-hat hacker had done the same thing, they could have used much more malicious code.
See also this Security Stack Exchange question on the same topic.
To add to the existing answer, 5 years later:
A piece of software that was downloaded 30,000 times from PyPI was in fact malware: It stole credit card numbers and login credentials and injected malicious code on infected machines.