Does this mean opencode (and other such agent harnesses that auto update) might also be compromised?
sudorm
Are there any timestamps available for when the malicious versions were published on PyPI? I can't find anything but that now the last "good" version was published on March 22.
Ayc0
Exactly what I needed, thanks.
rgambee
Seems that the GitHub account of one of the maintainers has been fully compromised. They closed the GitHub issue for this problem. And all their personal repos have been edited to say "teampcp owns BerriAI". Here's one example: https://github.com/krrishdholakia/blackjack_python/commit/8f...
somehnguy
Perhaps I'm missing something obvious - but what's up with the comments on the reported issue?
Hundreds of downvoted comments like "Worked like a charm, much appreciated.", "Thanks, that helped!", and "Great explanation, thanks for sharing."
homanp
How were they compromised? Phishing?
bfeynman
Pretty horrifying. I only use it as a lightweight wrapper and will most likely move away from it entirely. Not worth the risk.
It looks like Trivy was compromised at least five days ago. https://www.wiz.io/blog/trivy-compromised-teampcp-supply-cha...
Use secure and minimalistic lm-proxy instead:
https://github.com/Nayjest/lm-proxy
```
pip install lm-proxy
```
Guys, sorry, as the author of a competing open-source product, I couldn't resist.
Reminded me of a similar story at OpenSSH, wonderfully documented in a "Veritasium" episode, which was just fascinating to watch/listen to.
https://www.youtube.com/watch?v=aoag03mSuXQ