Can Rye Prevent Dependency Confusion Attacks? #1076
HeerlijkeHeer
started this conversation in
General
Replies: 0 comments
I recently became aware of dependency confusion attacks and have been wondering how we can defend against them. From reading Rye's documentation, it wasn't clear to me what Rye's default behaviour is when selecting between PyPI and your custom sources. Also, can Rye link a particular package to your custom source (e.g. through the lock files) so that it is always pulled from that source and never from PyPI?
This may not be Rye-specific, and there may not be anything Rye can do in this area, but I'm still very interested.
Thank you for any enlightenment you can offer!
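The attack the question describes, as an added illustration that is not part of the original post and is not Rye's code: a resolver that treats every configured index as equal (which is how pip behaves when `--extra-index-url` is added alongside `--index-url`) picks the highest version of a name wherever it is hosted, so an attacker who registers an internal package name on the public index with an inflated version number wins. The second resolver binds a package name to exactly one index, which is the property the post asks about. The index URLs, package names, versions and the `PINS` table are constructed for the example; nothing here states how Rye itself makes the choice.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample data for the illustration (not real indexes or packages).
PUBLIC_INDEX = "https://pypi.org/simple"
PRIVATE_INDEX = "https://pypi.internal.example/simple"  # hypothetical private index

# Per index: project name -> advertised versions. The private project
# "acme-internal-utils" has also been registered on the public index by an
# attacker, with a version number chosen to beat anything the real one has.
INDEXES: Dict[str, Dict[str, List[str]]] = {
    PUBLIC_INDEX: {
        "requests": ["2.31.0", "2.32.3"],
        "acme-internal-utils": ["99.0.0"],
    },
    PRIVATE_INDEX: {
        "acme-internal-utils": ["1.1.0", "1.2.0"],
    },
}

# Name-to-index binding: the only index a given project may be fetched from.
PINS: Dict[str, str] = {"acme-internal-utils": PRIVATE_INDEX}


def normalize_name(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' collapse to '-', then lowercase.
    Indexes compare normalized names, so "Acme_Internal.Utils" and
    "acme-internal-utils" are the same project as far as a resolver is concerned."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Sufficient for the dotted-integer versions used in this sample."""
    return tuple(int(part) for part in version.split("."))


def resolve_equal_priority(name: str, indexes: Dict[str, Dict[str, List[str]]] = INDEXES) -> Tuple[str, str]:
    """Model of equal-priority index handling: every index is consulted and the
    highest version wins, regardless of which index advertises it."""
    key = normalize_name(name)
    best: Optional[Tuple[str, str]] = None
    for url, projects in indexes.items():
        for version in projects.get(key, []):
            if best is None or parse_version(version) > parse_version(best[1]):
                best = (url, version)
    if best is None:
        raise LookupError(f"{key} not found on any index")
    return best


def resolve_pinned_source(name: str,
                          indexes: Dict[str, Dict[str, List[str]]] = INDEXES,
                          pins: Dict[str, str] = PINS,
                          default_index: str = PUBLIC_INDEX) -> Tuple[str, str]:
    """Hardened policy: a pinned name is looked up only on its pinned index, every
    other name only on the default index. With no cross-index fallback, a squatted
    copy on the public index is never even considered for a pinned project."""
    key = normalize_name(name)
    url = pins.get(key, default_index)
    versions = indexes.get(url, {}).get(key, [])
    if not versions:
        raise LookupError(f"{key} not found on its only allowed index {url}")
    return url, max(versions, key=parse_version)


def is_confused(name: str) -> bool:
    """True when equal-priority resolution would fetch a pinned project from an
    index other than the one it is bound to, i.e. a dependency confusion."""
    key = normalize_name(name)
    if key not in PINS:
        return False
    url, _ = resolve_equal_priority(key)
    return url != PINS[key]


if __name__ == "__main__":
    for pkg in ("requests", "Acme_Internal.Utils"):
        print(pkg, "equal-priority ->", resolve_equal_priority(pkg))
        print(pkg, "pinned-source  ->", resolve_pinned_source(pkg))
        print(pkg, "confused?", is_confused(pkg))
```

The normalization step matters in practice: a squatter does not need the exact spelling of the internal name, only a string that normalizes to it. The hardened resolver also refuses rather than falling back when a pinned project is missing from its index, since silently widening the search is exactly the gap the attack exploits.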