A malicious package has been discovered in the Python Package Index, specifically in version 1.82.8 of the litellm package. The compromised package contains a malicious .pth file, litellm_init.pth, which is 34,628 bytes in size and is automatically executed by the Python interpreter at startup, without requiring any explicit import of the litellm module. This supply-chain compromise poses a significant threat as it can be executed without any user interaction. The presence of such malicious files highlights the need for enhanced security measures, including Software Bills of Materials (SBOMs), Supply Chain Levels for Software Artifacts (SLSA), and SigStore1. The fact that the malicious package was able to bypass security checks and make its way into the Python Package Index raises concerns about the effectiveness of current security protocols. This incident matters to practitioners because it underscores the importance of implementing robust security measures to prevent similar supply-chain compromises in the future.
Python Supply-Chain Compromise
⚡ High Priority
Why This Matters
The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring an
References
- Schneier, B. (2026, April 8). Python Supply-Chain Compromise. *Schneier on Security*. https://www.schneier.com/blog/archives/2026/04/python-supply-chain-compromise.html
Original Source
Schneier on Security
Read original →