Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised

 (github.com)

221 points | by dot_treo 8 hours ago

10 comments

  • Nayjest 20 minutes ago

    Use secure and minimalistic lm-proxy instead:

    https://github.com/Nayjest/lm-proxy

    ``` pip install lm-proxy ```

    Guys, sorry, as the author of a competing opensource product, I couldn’t resist

    • sudorm 12 minutes ago

      are there any timestamps available when the malicious versions were published on pypi? I can't find anything but that now the last "good" version was published on march 22.

      • santiago-pl 1 hour ago

        It looks like Trivy was compromised at least five days ago. https://www.wiz.io/blog/trivy-compromised-teampcp-supply-cha...

        • ajoy 40 minutes ago

          Reminded me of a similar story at openSSH, wonderfully documented in a "Veritasium" episode, which was just fascinating to watch/listen.

          https://www.youtube.com/watch?v=aoag03mSuXQ

          • ilusion 28 minutes ago

            Does this mean opencode (and other such agent harnesses that auto update) might also be compromised?

            • Ayc0 26 minutes ago

              Exactly what I needed, thanks.

              • rgambee 7 hours ago

                Seems that the GitHub account of one of the maintainers has been fully compromised. They closed the GitHub issue for this problem. And all their personal repos have been edited to say "teampcp owns BerriAI". Here's one example: https://github.com/krrishdholakia/blackjack_python/commit/8f...

                • somehnguy 1 hour ago

                  Perhaps I'm missing something obvious - but what's up with the comments on the reported issue?

                  Hundreds of downvoted comments like "Worked like a charm, much appreciated.", "Thanks, that helped!", and "Great explanation, thanks for sharing."

                  [-]
                  • kamikazechaser 51 minutes ago

                    Compromised accounts. The malware targeted ~/.git-credentials.

                  • homanp 5 hours ago

                    How were they compromised? Phishing?

                    • bfeynman 7 hours ago

                      pretty horrifying. I only use it as lightweight wrapper and will most likely move away from it entirely. Not worth the risk

                      [-]
                      • dot_treo 7 hours ago

                        Even just having an import statement for it is enough to trigger the malware in 1.82.8.