Development | InfoQ
Development

Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating…

Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on. The post Securing the open source supply chain across GitHub…

ESLint version 10 has removed the legacy eslintrc configuration system, finalizing a long transition to flat config. The update enhances developer experience, especially for plugin authors and monorepo teams, by changing configuration file…