The newly approved Python Enhancement Proposal 751 gives Python a standard lock file format for specifying the dependencies of projects. Here’s the what, why, and when. Python Enhancement ...

For example ... Python framework. The people behind these malicious packages added malicious code to these newly-created, but fully functional projects, and more specifically to the setup.py files.

A 15-year-old vulnerability in the open source Python programming language ... with the result that over 350,000 projects are at risk of potential supply chain cyber attacks, according to threat ...

Python’s builders have accepted a proposal to create a universal lock file format for Python projects that would specify dependencies, enabling installation reproducibility in a Python environment.