Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Mike Fiedler, Code Gardener @miketheman@hachyderm.io

11/26/2025, 9:02:10 PM

Public

There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.

TL,DR: Adopt Trusted Publishing 🔐🚀📦

https://blog.pypi.org/posts/2025-11-26-pypi-and-shai-hulud/

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats - The Python Package Index Blog

Shai-Hulud is a great worm, not yet a snake. Attack on npm ecosystem may have implications for PyPI.

blog.pypi.org

Link author: Mike Fiedler, Code Gardener@miketheman@hachyderm.io

If you have a fediverse account, you can quote this note from your own instance. Search https://hachyderm.io/users/miketheman/statuses/115618016841703831 on your instance and quote it. (Note that quoting is not supported in Mastodon.)

Hugo van Kemenade @hugovk@mastodon.social

11/27/2025, 1:18:03 PM

Public

RE: https://hachyderm.io/@miketheman/115618016841703831

Use Trusted Publishing instead of long-lived PyPI tokens. For other things, here's how to use 1Password with direnv to set secrets in env vars.
https://hugovk.dev/blog/2025/secrets-in-env-vars/
#security #1Password #direnv #cli #PyPI