"PyPI is the main repository for Python packages. One thing that I've noticed recently is the number of published packages per week. Let's look at published counts of new package versions per week: There are some dips in the data, but that's because of how the data was collected. We can see a clear increase in the number of published packages, especially in the last few months. Because of AI, the number of packages published per week has increased by 30% since 2025."
"I'm working on hexora, a library that detects malicious Python code in packages. It monitors newly published PyPI packages in real time and analyzes them. A lot of packages, that have been published recently, are purely vibecoded, and they trigger false positive detections when my tool analyzes them. For some reason, they abuse eval, exec, and subprocess where this can be entirely avoided."
"In Python, eval and exec functions are used to execute code dynamically and are often used in malicious code to hide the payload. The eval itself has a low signal and does not trigger detection. When sensitive data is passed to it, or the code looks like obfuscated, it's a red flag. Sometimes, the code in such packages looks like malware. For example, one package reads Python code, modifies it as a string, passes all environment variables and local variables to eval and executes it. This is rarely needed in projects. If you really need to modify Python code, you can always modify AST trees instead."
"Another project dumps Python code into a database as base64 encoded strings. When retrieving the code from the database, it decodes and executes it with exec. Why would you even encode it? Base64 manipulations only look malicious and do not compress the code in any way. The code can be stored as a string! And yes, a lot of them are related to LLMs: agentic frameworks, loops, and so on. That's one of the reasons they manipulate the code via exec/eval."
PyPI serves as the main repository for Python packages, with a rising number of new package versions published per week. The increase is especially noticeable in recent months, and the number of packages published per week has grown by about 30% since 2025. A library called hexora monitors newly published PyPI packages in real time and analyzes them for malicious Python code. Many recently published packages appear to be “vibecoded,” causing false positives during analysis. These packages often abuse eval, exec, and subprocess even when alternatives exist. Low-signal eval usage becomes suspicious when sensitive data is passed or when code appears obfuscated. Some packages execute modified code via eval using environment and local variables, or store code as base64 strings and later decode and run it with exec, despite no clear need for encoding.
Read at Artem Golubin
Unable to calculate read time
Collection
[
|
...
]