SPAM (1) package from Python Package Index.
- advertisements, spam packages etc.
spatial-eva¶
Affected versions: unspecified (1)
- Version numbers are currently not tracked. Assume all versions are affected.
Campaign data¶
Campaign information may not always be 100% accurate for every related package.
Campaign description
While dependency confusion is a serious thing, I don't think the solution is to register every possible generic name that could exist in local repositories or imports... (or be generated by AI? This seems to be AI-related thing).
This package (and others from this user) has no real content and seems to be generated by a tool https://github.com/jvlax/vibehat to prevent "dependency confusion", but the scanner takes every local dependency and every non-relative import (https://github.com/jvlax/vibehat/blob/eed43b24b17ba393efc1b4e06aa7f9413559831a/backend/github_scanner.py#L345).
See more details on the campaign page.
other
Campaign targets other.
Look up in other services¶
- Check metadata in pypi-data project (1)
- Search for the package in deps.dev(2)
- Search for the package in socket.dev (3)
- Search for the package in secure.software (4)
- May not be available. See more in pypi-json-data repository.
- Open Source Insights project, provided by Google.
- Service from Socket.dev, a cybersecurity company.
- Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.